The snippet below is exactly what the dashboard generates under Project > Settings > Identity when you choose Next.js or Node.js. Copy it from the dashboard to get your real project ID and audience URL pre-filled.
Install
```bash
npm install jose
```
Mint a token (Next.js -- ESM)
```ts
// npm install jose
import { SignJWT } from "jose";

const secret = new TextEncoder().encode(process.env.REQIO_SECRET!);
const now = Math.floor(Date.now() / 1000);

const token = await new SignJWT({
  sub: user.id,
  email: user.email,
  // amount in cents; interval "month" | "year"
  traits: { plan: user.plan, amount: user.planAmount, interval: user.billingInterval },
})
  .setProtectedHeader({ alg: "HS256" })
  .setAudience("https://reqio.app/p/YOUR_PROJECT_ID")
  .setIssuedAt(now)
  .setExpirationTime(now + 300)
  .sign(secret);
```
Mint a token (Node.js -- CommonJS)
```js
// npm install jose
const { SignJWT } = require("jose");

const secret = new TextEncoder().encode(process.env.REQIO_SECRET);

// Wrapped in an async function because CommonJS modules cannot use top-level await.
// Call it from your request handler: const token = await mintIdentityToken(user);
async function mintIdentityToken(user) {
  const now = Math.floor(Date.now() / 1000);
  return new SignJWT({
    sub: user.id,
    email: user.email,
    // amount in cents; interval "month" | "year"
    traits: { plan: user.plan, amount: user.planAmount, interval: user.billingInterval },
  })
    .setProtectedHeader({ alg: "HS256" })
    .setAudience("https://reqio.app/p/YOUR_PROJECT_ID")
    .setIssuedAt(now)
    .setExpirationTime(now + 300)
    .sign(secret);
}
```
Replace YOUR_PROJECT_ID with your project ID, or copy the full snippet from the dashboard where the audience URL is pre-filled.
Environment variable
Set REQIO_SECRET to the signing secret from Project > Settings > Identity > Reveal secret. Store it server-side only; never expose it to the browser.
Pass the token to the widget
For server-rendered pages, pass the token inline on the script tag so no client fetch is needed:
```html
<script
  src="https://reqio.app/widget.js"
  data-project-id="YOUR_PROJECT_ID"
  data-identity-token="<your minted token>"
  async
></script>
```
For SPAs where the user authenticates after the initial page load, call window.Reqio.identify() after login:
```js
window.Reqio.identify(token);
```
Traits reference
| Field | Type | Description |
|---|---|---|
| plan | string | Plan name on your billing system, e.g. "pro". |
| amount | number | Recurring charge as billed, in cents. For annual plans send the full annual total; Reqio divides by 12 to derive the monthly value. |
| interval | "month" or "year" | Billing cadence for amount. |
Security
REQIO_SECRET is the symmetric key for all tokens in your project. Exposure would allow anyone to mint arbitrary identity tokens. Tokens are short-lived (300 seconds) and audience-bound to one project URL, so a leaked token cannot be replayed against a different project.
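What the expiry and audience binding require on the verifying side, as an added example (not Reqio's code and not part of the original page): a dependency-free HS256 check using Node's built-in crypto that pins the algorithm, compares the MAC in constant time, and enforces `aud` and `exp`. The function names, the secret and the PROJECT_A / PROJECT_B audience values are constructed for illustration.

```javascript
// Added illustration, not Reqio's verifier. Names, secret and project IDs are constructed.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (input) => Buffer.from(input).toString("base64url");
const hmac = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Minimal HS256 minting, used only to build sample tokens for the checks below.
function mint(claims, secret, header = { alg: "HS256", typ: "JWT" }) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${hmac(signingInput, secret).toString("base64url")}`;
}

// Returns the claims if the token passes every check, otherwise throws.
function verify(token, secret, expectedAudience, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;

  // Pin the algorithm: the token's own header must not choose how it is verified.
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");

  // Recompute the MAC over header.payload and compare in constant time.
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }

  // Claims are read only after the signature is known to be good.
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (claims.aud !== expectedAudience) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// The rejection reason for a token, or null if it is accepted.
function rejection(token, secret, aud, now) {
  try { verify(token, secret, aud, now); return null; } catch (e) { return e.message; }
}

// Constructed sample values: one 300-second token minted for PROJECT_A.
const demoSecret = "constructed-demo-secret";
const projectA = "https://reqio.app/p/PROJECT_A";
const t0 = 1700000000;
const demoToken = mint({ sub: "user_1", aud: projectA, iat: t0, exp: t0 + 300 }, demoSecret);
console.log(rejection(demoToken, demoSecret, projectA, t0 + 10)); // null (accepted)
console.log(rejection(demoToken, demoSecret, "https://reqio.app/p/PROJECT_B", t0 + 10)); // wrong audience
console.log(rejection(demoToken, demoSecret, projectA, t0 + 300)); // expired
```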