User Management

Manage the session and avatar state of your users. For secure integrations, you should always handle authentication through your backend.

Authentication Flow

Users must always get the getAuthToken from their backend to call our backend.
This auth token lasts for 30 minutes.
Client needs to send userId and userName for better logging in the dashboard.
The received auth token must be supplied to the token= parameter in the iframe URL.

Backend Implementation (Node.js)

Implement this on your server to securely fetch a token for your client application.

// Node.js 18+ (built-in fetch)

const CLIENT_SECRET = "ADD_CLIENT_SECRET_HERE";
const CLIENT_ID = "ADD_CLIENT_ID_HERE";

async function getAuthToken() {
  try {
    const response = await fetch(
      "https://us-central1-streamoji-265f4.cloudfunctions.net/getAuthToken",
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          "Client-Secret": CLIENT_SECRET,
          "Client-Id": CLIENT_ID,
        },
        body: JSON.stringify({
          userId: "test-user-123",
          userName: "John Doe",
        }),
      }
    );

    const data = await response.json();

    if (!data.success) {
      throw new Error("Auth token generation failed");
    }

    // Return just the token (usually what callers want)
    return data.authToken;
  } catch (error) {
    console.error("Error getting auth token:", error);
    throw error;
  }
}

Using the Token

Once you have the token, append it to your iframe source URL:

https://avatars.streamoji.com/createAvatar?iframe=true&token=YOUR_AUTH_TOKEN