Verify JWT Token using API (serverless)

If you don't have a backend server (for example, if you're using Webflow), Cotter provides an API endpoint that validates the access token for you.

POST https://worker.cotter.app/verify
Verify JWT Token from Cotter

If you don't have a server to verify Cotter's JWT token, you can do so by calling this API.

Request

Headers
API_KEY_ID (string, optional): Your "API_KEY_ID". It's recommended to include your API KEY ID so it validates that the token is made for your project.
Content-Type (string, required): application/json

Body Parameters
oauth_token (object, required): The `oauth_token` object that is returned by Cotter's Response. It should have an attribute called `access_token` with the access token that you want to verify.

Response

200: OK
Check if the token is valid based on the success value.

// For valid tokens:
{
  "success":true
}

// If there's a problem:
{
  "success":false,
  "reason":"Error: Invalid JWT token"
}

Example HTTP Request:

POST https://worker.cotter.app/verify
Content-Type: application/json
API_KEY_ID: <YOUR API KEY ID>

{
  "oauth_token": {
    "access_token": "eyJhbGciOiJFUzI1Ni...",
    "id_token": "eyJhbGciOiJFUzI1NiIsIm...",
    "refresh_token": "55185:BjD1Hh8ea...",
    "expires_in": 3600,
    "token_type": "Bearer",
    "auth_method": "OTP"
  }
}

Example with JavaScript:

<!--Get Cotter JS SDK-->
<script
  src="https://unpkg.com/cotter@0.3.16/dist/cotter.min.js"
  type="text/javascript"
></script>

<script>
  async function checkAccessToken() {
    // 1. Get the logged-in user's access token
    let cotter = new Cotter("API_KEY_ID"); // 👈 Specify your API KEY ID here
    let token = await cotter.tokenHandler.getAccessToken();
    var accessToken = token?.token; // undefined if no user is logged in

    // 2. Construct the body
    let body = {
      oauth_token: {
        access_token: accessToken
      }
    };

    // 3. Ask Cotter's verify endpoint whether the token is valid
    let url = "https://worker.cotter.app/verify";
    return fetch(url, {
      method: "POST",
      cache: "no-cache",
      headers: {
        "Content-Type": "application/json",
        API_KEY_ID: "API_KEY_ID" // 👈 Specify your API KEY ID here
      },
      mode: "cors",
      body: JSON.stringify(body)
    })
      .then((resp) => resp.json())
      .then((data) => {
        if (!data.success) {
          window.location.href = "/login"; // Redirect to your login page
        } else {
          console.log("Token is valid!");
        }
      })
      .catch(() => {
        // Network or parsing failure: treat the token as unverified
        window.location.href = "/login";
      });
  }
</script>
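
The endpoint answers HTTP 200 for rejected tokens too, so the decision has to come from the `success` field rather than the status code. The added example below (not Cotter's code; the function names and the 5-second timeout are assumptions) treats only a boolean `success: true` as valid and counts a missing token, a non-JSON body, a network error or a timeout as invalid:

```javascript
// Added example, not Cotter's own code. Function names and the 5 s timeout are assumptions.
const VERIFY_URL = "https://worker.cotter.app/verify";

// Build the request as the page documents it (header and body shape).
function buildVerifyRequest(accessToken, apiKeyId) {
  const headers = { "Content-Type": "application/json" };
  if (apiKeyId) headers["API_KEY_ID"] = apiKeyId; // ties the check to your project
  return {
    method: "POST",
    cache: "no-cache",
    mode: "cors",
    headers,
    body: JSON.stringify({ oauth_token: { access_token: accessToken } }),
  };
}

// Decide validity: only HTTP 200 with a JSON body whose `success` is boolean true passes.
function interpretVerifyResponse(status, bodyText) {
  if (status !== 200) return { valid: false, reason: `HTTP ${status}` };
  let data;
  try {
    data = JSON.parse(bodyText);
  } catch (e) {
    return { valid: false, reason: "Response was not JSON" };
  }
  if (data !== null && typeof data === "object" && data.success === true) {
    return { valid: true, reason: null };
  }
  const reason = data && typeof data.reason === "string" ? data.reason : "success was not true";
  return { valid: false, reason };
}

// Full check: a missing token, a network error and a timeout all count as invalid.
async function verifyAccessToken(accessToken, apiKeyId, fetchImpl = fetch) {
  if (typeof accessToken !== "string" || accessToken === "") {
    return { valid: false, reason: "No access token" };
  }
  const ctl = new AbortController();
  const timer = setTimeout(() => ctl.abort(), 5000);
  try {
    const req = { ...buildVerifyRequest(accessToken, apiKeyId), signal: ctl.signal };
    const resp = await fetchImpl(VERIFY_URL, req);
    return interpretVerifyResponse(resp.status, await resp.text());
  } catch (e) {
    return { valid: false, reason: "Request failed" };
  } finally {
    clearTimeout(timer);
  }
}
```

Because this runs in the browser, the result only decides what the page shows or where it redirects; it does not stop the page's own content from being delivered.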