Best way to validate a token

Hi all,

This is a basic question: I’m building a web application. After logging in, the user is given a token which he sends for every request. What would be the best way to validate the token, that is, ensure it is a legitimate token and the user is still logged in?

Many thanks

Hey there – thanks for posting!

I’ll assume you’re referring to a Stytch session token or Stytch session JWT in this case, which are the tokens that we grant to users upon successful login, as you described.

In order to validate the Stytch session token or JWT, you’ll want to call our Session authentication endpoint, either for Consumer (if you are using a Consumer Stytch project), or for B2B (if you’re using a B2B Stytch project). The Session authentication response will indicate whether or not the token is still valid.

I’d also recommend checking out our Session tokens vs. JWTs resource as well as our How to use Stytch JWTs resource to better understand the difference between the two tokens and their usage.

Happy to help with any additional questions you have about this!
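A sketch of the server-side check described in the answer above, added here as an illustration and not code from the thread or from Stytch. It assumes the Consumer endpoint is `POST /v1/sessions/authenticate` on the test environment with HTTP Basic auth (project ID and secret) and a `session_token` or `session_jwt` body field; `validate_session` and the injectable `post` transport are hypothetical names.

```python
import base64
import json
import urllib.error
import urllib.request

# Assumed values: Stytch test-environment base URL and Consumer endpoint path.
# For a B2B project the path is assumed to be /v1/b2b/sessions/authenticate.
BASE_URL = "https://test.stytch.com"
AUTH_PATH = "/v1/sessions/authenticate"


def _http_post(url, headers, body):
    """Default transport: returns (status_code, parsed_json_or_None)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, None  # non-2xx response: the token was not accepted


def validate_session(token, project_id, secret, post=_http_post):
    """Return the session object if the token is valid, else None (fail closed)."""
    if not isinstance(token, str) or not token or len(token) > 4096:
        return None  # reject malformed input before spending an API call
    # Session JWTs have three dot-separated parts; opaque session tokens do not.
    field = "session_jwt" if token.count(".") == 2 else "session_token"
    creds = base64.b64encode(f"{project_id}:{secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}", "Content-Type": "application/json"}
    try:
        status, data = post(BASE_URL + AUTH_PATH, headers,
                            json.dumps({field: token}).encode())
    except (OSError, ValueError):
        return None  # network or parse failure: treat the user as not logged in
    if status != 200 or not isinstance(data, dict):
        return None
    return data.get("session")
```

Call this on every authenticated request from the backend only, so the project secret never reaches the browser, and treat a `None` result as logged out.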

Thanks for the quick response!