> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gateway.connexease.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Backend Integration

> Build the session-token proxy that keeps your secret key server-side, with Node/Express and FastAPI implementations.

Your secret key must stay server-side. The SDK's `fetchSessionToken` calls **your** endpoint; your endpoint forwards the request to the Connexease [Session API](/public-embedded-signup-sdk/api-endpoints) with the secret key and returns the payload to the SDK.

```text theme={null}
Browser (fetchSessionToken)
        │  POST /api/session ( YOUR API ) 
        ▼
Your Backend
        │  POST https://public-api.gateway.connexease.com/public/api/v1/wa/embedded-signup/sessions
        │  Authorization: Bearer <CONNEXEASE_SECRET_KEY>
        ▼
Connexease Sessions API
        │
        └── response flows back up → reaches the SDK
```

<Note>
  The proxy path (`/api/session` here) is **yours to choose** — the SDK calls whatever you put in `fetchSessionToken`. Put your own auth in front of it.
</Note>

<Note>
  **Don't hardcode the API base URL.** Read it from an env var with a production default so the same code works across local / staging / production.
</Note>

<Tabs>
  <Tab title="Node.js / Express">
    ```jsx theme={null}
    import express from 'express';

    const app = express();
    app.use(express.json());

    const CONNEXEASE_SECRET_KEY = process.env.CONNEXEASE_SECRET_KEY;
    const CONNEXEASE_API_BASE = process.env.CONNEXEASE_API_BASE ?? 'https://public-api.gateway.connexease.com';
    const SESSIONS_API = `${CONNEXEASE_API_BASE}/public/api/v1/wa/embedded-signup/sessions`;

    app.post('/api/session', async (req, res) => {
      // Authenticate the caller here (your own auth).

      try {
        const upstream = await fetch(SESSIONS_API, {
          method: 'POST',
          headers: {
            'Authorization': `Bearer ${CONNEXEASE_SECRET_KEY}`,
            'Content-Type': 'application/json',
          },
        });

        const data = await upstream.json();
        if (!upstream.ok) return res.status(upstream.status).json(data);

        // Connexease wraps the payload as { data: {...}, isSuccess: true }
        res.json(data.data ?? data);
      } catch (err) {
        res.status(500).json({ error: 'Failed to fetch session' });
      }
    });

    app.listen(3000);
    ```
  </Tab>

  <Tab title="FastAPI (Python)">
    ```python theme={null}
    import os
    import httpx
    from fastapi import FastAPI, HTTPException

    app = FastAPI()

    CONNEXEASE_SECRET_KEY = os.getenv("CONNEXEASE_SECRET_KEY")
    CONNEXEASE_API_BASE = os.getenv("CONNEXEASE_API_BASE", "https://public-api.gateway.connexease.com")
    SESSIONS_API = f"{CONNEXEASE_API_BASE}/public/api/v1/wa/embedded-signup/sessions"

    @app.post("/api/session")
    async def create_session():
        if not CONNEXEASE_SECRET_KEY:
            raise HTTPException(status_code=500, detail="CONNEXEASE_SECRET_KEY is not configured")

        async with httpx.AsyncClient(timeout=10.0) as client:
            upstream = await client.post(
                SESSIONS_API,
                headers={"Authorization": f"Bearer {CONNEXEASE_SECRET_KEY}"},
                json={},
            )

        data = upstream.json()
        if upstream.status_code >= 400:
            raise HTTPException(status_code=upstream.status_code, detail=data)

        # Connexease wraps the payload as { "data": {...}, "isSuccess": true }
        return data.get("data", data)
    ```
  </Tab>
</Tabs>

`.env`:

```bash theme={null}
CONNEXEASE_SECRET_KEY=sk_xxxxxxxxxxxxxxxxxxxxxx
CONNEXEASE_API_BASE=https://public-api.gateway.connexease.com   # optional; defaults to production/
```
