Cotter
Cotter
Blog
Dashboard
Get help on Slack 👋
🚀 Getting Started
Features & Concepts
📌 Quickstart Guides
All Guides & Tutorials
HTML – Sign in with Email/Phone
React – Sign in with Email/Phone
React – WebAuthn
▲ Next.js
Angular
Webflow
Bubble.io
Python SDK for a CLI
React Native – Sign in with Device
iOS – Sign in with Device
Flutter – Sign in with Device
📘 SDK Reference
Web
React Native
Flutter
iOS
Android
Python (for CLI)
API for Other Mobile Apps or CLI
Backend: Handling Response
🛡️ Protecting Your Account
Only Allow Your Website/App to Use Your API Key
Rate Limit
Enable reCAPTCHA to Protect Against Automated Abuse
🗝️ Getting Access Token
Cotter's OAuth 2.0 Tokens Specification
Storing and Removing Tokens
Renewing Expired Tokens
Verifying JWT Tokens
Requesting Custom Fields on your JWT Token
Older API
🔌 API Reference
User API
OAuth Tokens API
Verify JWT Token using API (serverless)
Requesting Custom Claims on your Access Token
Older API
Event Object
Older API
Validating Cotter's Identity Token
Validating Cotter's Event Response
Powered by GitBook

Verify JWT Token using API (serverless)

If you don't have a backend server, for example, if you're using Webflow, we have provided an API endpoint to validate the access token from Cotter.

post
Verify JWT Token from Cotter

https://worker.cotter.app/verify
If you don't have a server to verify Cotter's JWT token, you can do so by calling this API.
Request
Response
Request
Headers
API_KEY_ID
optional
string
Your "API_KEY_ID". It's recommended to include your API KEY ID so it validates that the token is made for your project.
Content-Type
required
string
application/json
Body Parameters
oauth_token
required
object
The `oauth_token` object that is returned by Cotter's Response. It should have an attribute called `access_token` with the access token that you want to verify.
Response
200: OK
Check if the token is valid based on the success value.
// For valid tokens: 
{
    "success":true 
}
// If there's a problem:
{
    "success":false,
    "reason":"Error: Invalid JWT token"
}

Example HTTP Request:

POST https://worker.cotter.app/verify
Content-Type: application/json
API_KEY_ID: <YOUR API KEY ID>
{
    "oauth_token": {
        "access_token": "eyJhbGciOiJFUzI1Ni...",
        "id_token": "eyJhbGciOiJFUzI1NiIsIm...",
        "refresh_token": "55185:BjD1Hh8ea...",
        "expires_in": 3600,
        "token_type": "Bearer",
        "auth_method": "OTP"
    }
}

Example with Javascript:

<!--Get Cotter JS SDK-->
<script
    src="https://unpkg.com/cotter@0.3.16/dist/cotter.min.js"
    type="text/javascript"
></script>
<script>
  async function checkAccessToken() {
    // 1. Get the logged-in user's access token
    let cotter = new Cotter("API_KEY_ID"); // 👈 Specify your API KEY ID here
    let token = await cotter.tokenHandler.getAccessToken();
    var accessToken = token?.token;
    // 2. Construct the body
    let body = {
      oauth_token: {
        access_token: accessToken
      }
    };
    // 3. If user is logged in then we fetch the user data
    let url = "https://worker.cotter.app/verify";
    fetch(url, {
      method: "POST",
      cache: "no-cache",
      headers: {
        "Content-Type": "application/json",
        API_KEY_ID: "API_KEY_ID"   // 👈 Specify your API KEY ID here
      },
      mode: "cors",
      body: JSON.stringify(body)
    })
      .then((resp) => resp.json())
      .then((data) => {
        if (!data.success) {
          window.location.href = "/login"; // Redirect to your login page
        } else {
          console.log("Token is valid!");
        }
      });
  }
</script>
🔌 API Reference - Previous
OAuth Tokens API
Next
Requesting Custom Claims on your Access Token
Last updated 4 weeks ago