Express Quickstart

This quickstart guide outlines the essential steps to integrate Stytch’s B2B SaaS Authentication product within a Express application.

Overview

Stytch offers a Node SDK that can be integrated within Express applications:

SDK

Development

Notes

Reference

Source Code

Node SDK

Server-side

For server-side code. Our Node SDK facilitates robust authentication and authorization mechanisms and can be integrated directly with Express apps to handle backend logic.

SDK Reference

GitHub

In addition to our Node SDK, we recommend you consider using one of Stytch's frontend SDKs (headless or with pre-built UI) to build your client-side auth UI.

Learn more about different integration methods and their benefits by visiting our integration guides.

Getting Started

To begin, we'll set up Email Magic Links utilizing our Discovery flow.

1Install Stytch SDK and configure your API Keys

Create a Stytch B2B Project in your Stytch Dashboard if you haven't already.

Install our Node SDK in your Express environment:

npm install stytch

Configure your Stytch Project's API keys as environment variables:

STYTCH_PROJECT_ID="YOUR_STYTCH_PROJECT_ID"
STYTCH_SECRET="YOUR_STYTCH_PROJECT_SECRET"
# Use your Project's 'test' or 'live' credentials

2Set up your Express app

Initialize the Stytch client in your Express app and set up routes to handle authentication:

const express = require('express');
const stytch = require('stytch');
const bodyParser = require('body-parser');

const app = express();
app.use(bodyParser.urlencoded({ extended: true }));

const stytchClient = new stytch.B2BClient({
  project_id: process.env.STYTCH_PROJECT_ID,
  secret: process.env.STYTCH_SECRET,
});

app.post('/login', (req, res) => {
  const email = req.body.email;
  stytchClient.magicLinks.email.discovery.send({
    email_address: email
  })
  .then(response => {
    res.json(response)
  })
  .catch(err => {
    res.status(500).send(err.toString())
  });
});

app.get('/authenticate', (req, res) => {
  const token = req.query.token;
  stytchClient.magicLinks.discovery.authenticate({
    discovery_magic_links_token: token
  })
  .then(response => {
    res.send(`Hello, ${response.email_address}! Complete the Discovery flow by creating an Organization with your intermediate session token: ${response.intermediate_session_token}.`)
  })
  .catch(err => {
    res.status(401).send(err.toString())
  });
});

app.listen(3000, () => console.log('Server running on http://localhost:3000'));

For Email Magic Links, you must specify a redirect URL in your Project's Dashboard to authenticate the token. By default, the redirect URL is set to http://localhost:3000/authenticate.

You can specify additional Redirect URLs in your Project's Dashboard, and override the default by passing in an explicit discovery_redirect_url argument.

You can read more about redirect URLs in this guide.

3Test your application

Run your Express application and send a POST request to the /login endpoint with an email address to test the Discovery auth flow. You will recieve an email in your inbox with an Email Magic Link, which redirects you to the /authenticate endpoint or the redirect URL you set in your [Dashboard].

4What's next

Check out our product-specific guides for how to handle full authentication flows for each product you'd like to support, like Email Magic Links and OAuth.