SDKs

Four integration paths. One API.

Hosted page (no code), vanilla script-tag, React components, or raw HTTP. Pick what fits your stack.

Hosted Sign-In Page

Zero-code redirect — Kynetra hosts the UI

Setup

# No install — redirect users to the hosted page

Includes

  • No SDK or build step required
  • Shows your branding (logo, primary color)
  • Renders only your enabled providers
  • Tokens returned via URL fragment to your redirectUrl
  • Works with any language or framework
example
<!-- Redirect users to the hosted sign-in page -->
<a href="https://auth.kynetra.dev/sign-in?pk=pk_live_YOUR_KEY&redirect_url=https://yoursite.com/callback">
  Sign in
</a>

<!-- On your /callback page — parse the fragment -->
<script>
  const params = new URLSearchParams(location.hash.slice(1));
  const accessToken = params.get('access_token');
  const tenantId    = params.get('tenant_id');

  if (accessToken) {
    // Store and redirect to your app
    localStorage.setItem('kynetra_token', accessToken);
    window.location.href = '/dashboard';
  }
</script>
Kynetra JS (vanilla)

Script-tag drop-in — no npm, no build

Install

<script src="https://auth.kynetra.dev/sdk/kynetra.js"></script>

Includes

  • Single script tag — works in any HTML page
  • Global Kynetra() factory
  • Auto-fetches tenant config (/public/config)
  • mount() renders branded buttons into any element
  • Parses redirect fragment, stores tokens, strips hash
  • isSignedIn() / getUser() / signOut()
  • Zero dependencies, pure ES2017
example
<script src="https://auth.kynetra.dev/sdk/kynetra.js"></script>
<div id="kynetra-signin"></div>

<script>
  const auth = Kynetra({ publishableKey: 'pk_live_YOUR_KEY' });

  // Render provider buttons (fetches config automatically)
  auth.mount('#kynetra-signin', {
    redirectUrl: 'https://yoursite.com/callback',
  });
</script>

<!-- On your /callback page -->
<script src="https://auth.kynetra.dev/sdk/kynetra.js"></script>
<script>
  const auth = Kynetra({ publishableKey: 'pk_live_YOUR_KEY' });
  const session = auth.handleRedirectCallback();

  if (session) {
    const user = auth.getUser(); // decoded JWT: { sub, email, tid, … }
    window.location.href = '/dashboard';
  }
</script>
@kynetra/react

React provider + hooks + UI components

Install

npm install @kynetra/react

Includes

  • <KynetraProvider publishableKey> context
  • useKynetra() — full context (signInWith, handleRedirectCallback, …)
  • useUser() — decoded JWT payload
  • useAuth() — { isLoaded, isSignedIn, getToken, signOut }
  • <SignedIn> / <SignedOut> — conditional rendering
  • <SignIn redirectUrl> — renders provider buttons
  • <UserButton> — avatar + sign-out dropdown
  • TypeScript-first; peer deps react ≥ 17
example
import { KynetraProvider, SignedIn, SignedOut, SignIn, UserButton, useKynetra } from '@kynetra/react';

// 1. Wrap your app
export default function RootLayout({ children }) {
  return (
    <KynetraProvider publishableKey="pk_live_YOUR_KEY">
      {children}
    </KynetraProvider>
  );
}

// 2. Sign-in page
function SignInPage() {
  return (
    <>
      <SignedIn><UserButton afterSignOutUrl="/" /></SignedIn>
      <SignedOut>
        <SignIn redirectUrl="https://yoursite.com/callback" />
      </SignedOut>
    </>
  );
}

// 3. Callback page (e.g. /callback/page.tsx)
'use client';
import { useEffect } from 'react';
import { useKynetra } from '@kynetra/react';

export default function CallbackPage() {
  const { handleRedirectCallback } = useKynetra();
  useEffect(() => {
    const session = handleRedirectCallback();
    if (session) window.location.href = '/dashboard';
  }, [handleRedirectCallback]);
  return <p>Signing you in…</p>;
}
Server-side (any language)

Token introspection via HTTP — no SDK required

Setup

# No install — plain HTTP POST

Includes

  • POST /api/auth/introspect with your secret key
  • Returns { active, sub, email, tid, roles, scope, exp }
  • active: false for invalid, expired, or wrong-tenant tokens
  • Works from Node.js, Python, Go, Rust, PHP, Edge Workers, etc.
  • No shared secret on the client — secrets stay server-side
  • JWKS / RS256 local verification is a documented fast-follow
example
// Node.js / TypeScript
const res = await fetch('https://api.auth.kynetra.dev/api/auth/introspect', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.KYNETRA_SECRET_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ token: accessToken }),
});

const { active, sub, email, tid, roles, scope, exp } = await res.json();
if (!active) throw new Error('Token invalid or expired');

// sub  = user ID (UUID)
// tid  = tenant ID (UUID)
// exp  = UNIX timestamp (seconds)

// Python
import httpx
result = httpx.post(
  'https://api.auth.kynetra.dev/api/auth/introspect',
  headers={'Authorization': f'Bearer {SECRET_KEY}'},
  json={'token': access_token},
).json()
if not result['active']:
    raise PermissionError('Invalid token')

Supported providers

Enable providers per-tenant in Admin → Social Login. All five are supported: Google, Facebook, GitHub, Apple, Microsoft.

View API reference