Skip to main content
Your secret key must stay server-side. The SDK’s fetchSessionToken calls your endpoint; your endpoint forwards the request to the Connexease Session API with the secret key and returns the payload to the SDK.
The proxy path (/api/session here) is yours to choose — the SDK calls whatever you put in fetchSessionToken. Put your own auth in front of it.
Don’t hardcode the API base URL. Read it from an env var with a production default so the same code works across local / staging / production.
.env: