Skip to main content

Setup SDK Client for Store

This article explains how to build an OpenFGA client by using the SDKs.

The first step is to ensure that you have created a store by following these steps.

Next, depending on the authentication scheme you want to use, there are different ways to build the client.

Using No Authentication

This is a simple setup but it is not recommended for production use.

const { OpenFgaClient } = require('@openfga/sdk'); // OR import { OpenFgaClient } from '@openfga/sdk';

const openFga = new OpenFgaClient({
apiUrl: process.env.FGA_API_URL, // required, e.g. https://api.fga.example
storeId: process.env.FGA_STORE_ID,
authorizationModelId: process.env.FGA_MODEL_ID, // Optional, can be overridden per request
});

Using Shared Key Authentication

If you want to use shared key authentication, you need to generate a random string that will work as secret and set that key when building your OpenFGA server. Then, when building the client, set it as environment variable FGA_API_TOKEN.

Warning

If you are going to use this setup in production, you should enable TLS in your OpenFGA server. Please see the Production Checklist.

const { CredentialsMethod, OpenFgaClient } = require('@openfga/sdk'); // OR import { CredentialsMethod, OpenFgaClient } from '@openfga/sdk';

const openFga = new OpenFgaClient({
apiUrl: process.env.FGA_API_URL, // required, e.g. https://api.fga.example
storeId: process.env.FGA_STORE_ID, // optional, not needed for \`CreateStore\` and \`ListStores\`, required before calling for all other methods
authorizationModelId: process.env.FGA_MODEL_ID, // optional, can be overridden per request
credentials: {
method: CredentialsMethod.ApiToken,
config: {
token: process.env.$FGA_API_TOKEN,
},
}
});

Using Client Credentials Flow

Note

The OpenFGA server does not support the client credentials flow, however if you or your OpenFGA provider have implemented a client credentials wrapper on top, follow the instructions here to have the OpenFGA client handle the token exchange for you.

const { CredentialsMethod, OpenFgaClient } = require('@openfga/sdk'); // OR import { CredentialsMethod, OpenFgaClient } from '@openfga/sdk';

const openFga = new OpenFgaClient({
apiUrl: process.env.FGA_API_URL, // required, e.g. https://api.fga.example
storeId: process.env.FGA_STORE_ID, // optional, not needed for \`CreateStore\` and \`ListStores\`, required before calling for all other methods
authorizationModelId: process.env.FGA_MODEL_ID, // optional, can be overridden per request
credentials: {
method: CredentialsMethod.ClientCredentials,
config: {
apiTokenIssuer: process.env.FGA_API_TOKEN_ISSUER,
apiAudience: process.env.FGA_API_AUDIENCE,
clientId: process.env.FGA_CLIENT_ID,
clientSecret: process.env.FGA_CLIENT_SECRET,
},
}
});