Backend | Notion

Explanation

The Clice widget will request a token from your backend to identify the currently logged-in user.

Your backend doesn’t need to handle the security, expiration, or validation of this token — Clice servers manage all of that.

However, you must define a route that signs and returns this token when the widget asks for it.

Initialization route

You must create a route on your backend that Clice will call to request an access token.

This token must be signed with your private key, which you can find in the section mentioned earlier.

Keep this key confidential.

Here’s an example of what it looks like:

Make sure to preserve line breaks, header, and footer exactly as shown.

Route details

The initialization route is a GET request that should return an object containing two properties:

The signed token → token
The token’s expiration timestamp in milliseconds → expMs

Example implementation:

router.get("/initialize-clice", authMiddleware, async (req, res) => {
	initClice(req.user, req.ip, res);
});

async function initClice(user, ip, res) {
	const ttlSeconds = 10 * 60; // token expires in 10 minutes – adjust as needed for security

	const payload = {
		cuId: user.id,
		email: user.email,
		plan: user.plan,
		name: user.name,
		createdAt: user.createdAt,
	};

	// Sign the token with the RS256 algorithm using your private key as the cryptographic secret
	// Uses the jsonwebtoken library (import * as jwt from "jsonwebtoken")
	const token = jwt.sign(payload, privateKey, {
		algorithm: 'RS256',
		expiresIn: ttlSeconds,
	});

	// Return the token and expiration in ms
	const expMs = Date.now() + ttlSeconds * 1000;
	return res.status(200).send({ token, expMs });
}

Payload field	What Clice expects	Type
`cuId`	Unique user ID from your application	`string`
`email`	User’s email address	`string`
`plan`	User’s plan (e.g., Premium, Free)	`string`
`name`	User’s name	`string`
`createdAt`	User’s registration date	`date`