Skip to main content

Setup SDK Client for Store

note
OpenFGA is an open source Fine-Grained Authorization solution based on Google's Zanzibar. We welcome community contribution to this project.

This article explains how to build an OpenFGA client by using the SDKs.

The first step is to ensure that you have created a store by following these steps.

Next, depending on the authentication scheme you want to use, there are different ways to build the client.

Using No Authentication

This is a simple setup but it is not recommended for production use.

const { OpenFgaApi } = require('@openfga/sdk'); // OR import { OpenFgaApi } from '@openfga/sdk';

const openFga = new OpenFgaApi({
    apiScheme: process.env.FGA_API_SCHEME, // Optional. Can be "http" or "https". Defaults to "https"
    apiHost: process.env.FGA_API_HOST, // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
    storeId: process.env.FGA_STORE_ID
});

Using Shared Key Authentication

If you want to use shared key authentication, you need to generate a random string that will work as secret and set that key when building your OpenFGA server. Then, when building the client, set it as environment variable FGA_BEARER_TOKEN.

Warning

If you are going to use this setup in production, you should enable TLS in your OpenFGA server. Please see the Production Checklist.

const { OpenFgaApi } = require('@openfga/sdk'); // OR import { OpenFgaApi } from '@openfga/sdk';

const openFga = new OpenFgaApi({
    apiScheme: process.env.FGA_API_SCHEME, // optional, defaults to "https"
    apiHost: process.env.FGA_API_HOST, // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
    storeId: process.env.FGA_STORE_ID, // optional, not needed for `CreateStore` and `ListStores`, required before calling for all other methods
    credentials: {
        method: CredentialsMethod.ApiToken,
        token: process.env.FGA_BEARER_TOKEN,
    }
});