This guide explains how to handle access tokens securely in your Stripe integration.
Note that access tokens are handled for you automatically by the Iaptic JS SDK. You might however want to store them in your own database if your app isn't purely client-side.
Understanding Access Tokens
Access tokens are secure tokens that identify user sessions and purchases. They are used to:
- Allow subscription status verification
- Enable customer portal access
- Permit plan changes
They are rotated by iaptic for security.
Storing Access Tokens
Access tokens are generated during checkout and automatically rotated. Whenever a new token is generated, the onAccessTokenChange callback is triggered, you can then store the new token in your own database.
// Create checkout session
const response = await iaptic.onAccessTokenChange(newToken => {
// Store access token securely
appUser.saveIapticAccessToken(newToken);
});
You can also actively get the latest access token.
const token = appUser.getAccessToken();
if (token) {
appUser.saveIapticAccessToken(token);
}