SDK Authentication
Authentication Method
The Open Ledger React SDK uses access tokens for authentication:
- Access token - Using an entity-scoped token obtained from the
/v1/entities/auth/generate-token
endpoint
Setting Up Authentication
The recommended approach is to use an access token for authentication:
Do not expose your API Key in the client. For production applications, implement a secure authentication flow where API keys are handled by your backend server to generate access tokens.
Generating Access Tokens
To generate an access token, make a request to the token endpoint from your backend:
The response will include the access token that can be passed to your frontend:
Your frontend can then use this token:
Auth Error Handling
You can handle authentication errors by providing an onAuthError
callback:
Checking Auth Status
You can use the useOpenLedgerContext
hook to check authentication status:
Authentication Security Best Practices
For production applications, consider these security best practices:
Implement token exchange on your backend to avoid exposing credentials in client-side code
Use environment variables to store sensitive credentials (for server-side rendering)
Use short-lived access tokens and implement token refresh mechanisms
Ensure all communication happens over HTTPS
Recommended Authentication Flow
For production applications, we recommend implementing the following authentication flow:
- Your frontend application handles authentication, client requests access token from your backend
- Your backend authenticates with Open Ledger to retrieve access token
- Your backend receives and returns an access token to your frontend
- Your frontend initializes the SDK with this access token
This approach ensures your enterprise credentials remain secure on your backend server.
For sample implementation of secure authentication flows, check out our example repositories.
Environment Configuration
The SDK supports different environments to facilitate your development workflow:
Make sure to use the appropriate API URL and credentials for each environment. Credentials from one environment won’t work in another.
Full Configuration Options
The SDK provides several configuration options to customize its behavior:
Theme Configuration
You can customize the appearance of components by providing a theme object:
For detailed theme customization options, see the Theming Guide.
Error Handling
You can provide custom error handlers to manage authentication and other errors:
Configuration with React Context
You can access configuration values within your components using the useOpenLedgerContext
hook:
Dynamic Configuration
For applications that need to change configuration at runtime:
Configuration Best Practices
For production applications, consider these configuration best practices:
Secure Backend Authentication
For client-side applications, implement a secure backend service that handles authentication: