Skip to main content

JavaScript SDK

We offer general JavaScript and TypeScript SDKs for interacting with the Permissions API.

Server SDK

The Server SDK is designed for use in server-side applications. It can be used to propagate Resource changes from your system to the Permissions API and to check permissions for your actions.

Installation

Add the Permissions Server SDK NPM package to your project.

npm install @spaceblocks/permissions-server

Initialization

Before using the Server SDK, we need to create a Client in the Developer Portal with at least the following scopes:

  • permissions:management:read
  • permissions:management:write

This will give us a Client ID and Client Secret that we can use to authenticate with the API.

Instantiate the SDK with the API URL and API Key from the Developer Portal.

import { PermissionsClient } from '@spaceblocks/permissions-server';

const permissionsClient = new PermissionsClient(
  '<YOUR_PERMISSIONS_URL>',
  '<YOUR_API_KEY>',
  {
  clientId: '<YOUR_CLIENT_ID>',
  clientSecret: '<YOUR_CLIENT_SECRET>'
});

Client SDK

The Client SDK is designed for use in frontend applications. It can be used to check permissions for your actions.

tip

If your frontend application is created with React, you should use the React SDK instead.

Installation

Add the Permissions Client SDK NPM package to your project.

npm install @spaceblocks/permissions-client

Initialization

Before using the Client SDK, you need to implement the Frontend Access Token Flow at your server, to expose an endpoint that can be used to request an Impersonated Access Token for your frontend services.

Instantiate the SDK with the API URL and API Key from the Developer Portal and pass an accessTokenFactory function, which calls your backend and returns an Impersonated Space Blocks Access Token.

import { PermissionsClient } from '@spaceblocks/permissions-client';

const client = new PermissionsClient(
  '<YOUR_PERMISSIONS_URL>',
  '<YOUR_API_KEY>',
  () => {
  const token = fetch; // Call your backend to to get an impersonated access token
  return token;
});