QyzarQyzar/

Docs

Dashboard

Start

  • Overview
  • Quick start

SDKs

  • Browser SDK
  • Server helper

Guides

  • Client tokens
  • Verify sessions
  • Rate limiting
  • Uptime & status

API

  • API basics
  • HTTP routes

~2 min read

Quick start

From zero to a working check: install packages, keep secrets on the server, wrap your app, and verify sessions on protected routes.

What you need

  • project id (public) and project secret (server only) from the dashboard.
  • Your app served on the same domain where verification runs (so cookies work).
  • Node 20+ if you use the server helper.

Install

terminal
$ npm install @tnuser/qyzar-client @tnuser/qyzar-server

Five steps

  1. Put the project secret in server env only — never in the browser bundle.
  2. On your server, mint a client token and pass it to the React layout.
  3. Wrap your app with Qyzar or QyzarSiteLayout (Browser SDK).
  4. After verify, the SDK sets qyzar_session_id and qyzar_session_token cookies — read them with getConnectSessionId() / getConnectSessionToken() or forward Cookie on the server (Client tokens, Verify sessions).
  5. Add allowed domains in project settings so real users are not blocked.

Checklist

  • Secret never appears in client code or NEXT_PUBLIC_* vars.
  • Protected API routes call Qyzar before side effects.
  • Client token is refreshed when the connect session changes.

API base URL (production): https://apisecure.qyzar.eu. Live connection default: wss://ws1.qyzar.eu.