Python

Mint Reqio HS256 identity tokens on a Python server using PyJWT. Compatible with Django, Flask, FastAPI, and any Python 3.8+ framework.

The snippet below is exactly what the dashboard generates under Project > Settings > Identity when you choose Python. Copy it from the dashboard to get your real project ID and audience URL pre-filled.

Install

pip install PyJWT

Mint a token

# pip install PyJWT
import os, time
import jwt

now = int(time.time())
payload = {
    "sub": user.id,
    "email": user.email,
    "traits": {"plan": user.plan, "amount": user.plan_amount, "interval": user.billing_interval},  # amount in cents; interval "month" | "year"
    "aud": "https://reqio.app/p/YOUR_PROJECT_ID",
    "iat": now,
    "exp": now + 300,
}
token = jwt.encode(payload, os.environ["REQIO_SECRET"], algorithm="HS256")

Replace YOUR_PROJECT_ID with your project ID, or copy the full snippet from the dashboard where the audience URL is pre-filled.

Environment variable

Set REQIO_SECRET to the signing secret from Project > Settings > Identity > Reveal secret. Store it server-side only; never include it in responses sent to the browser.

Django example

# views.py
import os, time
import jwt
from django.contrib.auth.decorators import login_required
from django.shortcuts import render

@login_required
def my_view(request):
    now = int(time.time())
    token = jwt.encode(
        {
            "sub": str(request.user.pk),
            "email": request.user.email,
            "traits": {"plan": getattr(request.user, "plan", None)},
            "aud": os.environ["REQIO_AUDIENCE"],
            "iat": now,
            "exp": now + 300,
        },
        os.environ["REQIO_SECRET"],
        algorithm="HS256",
    )
    return render(request, "my_page.html", {"reqio_token": token})

{# my_page.html #}
<script
  src="https://reqio.app/widget.js"
  data-project-id="YOUR_PROJECT_ID"
  data-identity-token="{{ reqio_token }}"
  async
></script>

Store the audience URL (e.g. https://reqio.app/p/proj_abc123) in REQIO_AUDIENCE so you do not hardcode it.

Flask example

import os, time
import jwt
from flask import render_template
from flask_login import current_user, login_required

# `app` is your existing Flask application object, with Flask-Login already configured.
@app.route("/dashboard")
@login_required
def dashboard():
    now = int(time.time())
    token = jwt.encode(
        {
            "sub": str(current_user.id),
            "email": current_user.email,
            "traits": {"plan": getattr(current_user, "plan", None)},
            "aud": os.environ["REQIO_AUDIENCE"],
            "iat": now,
            "exp": now + 300,
        },
        os.environ["REQIO_SECRET"],
        algorithm="HS256",
    )
    return render_template("dashboard.html", reqio_token=token)

Pass the token to the widget

For server-rendered templates, pass the token via data-identity-token:

<script
  src="https://reqio.app/widget.js"
  data-project-id="YOUR_PROJECT_ID"
  data-identity-token="{{ reqio_token }}"
  async
></script>

For SPAs where the user authenticates after the initial page load, call window.Reqio.identify() from JavaScript after login:

window.Reqio.identify(token);

Traits reference

| Field | Type | Description |
|---|---|---|
| plan | str | Plan name on your billing system, e.g. "pro". |
| amount | int | Recurring charge as billed, in cents. For annual plans send the full annual total; Reqio divides by 12 to derive the monthly value. |
| interval | "month" or "year" | Billing cadence for amount. |

Security

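Store REQIO_SECRET in an environment variable and never include it in responses sent to the browser. The JWT is safe to send to clients because it is short-lived, audience-bound, and contains only the claims you choose to include. The token is signed, not encrypted, so anyone who holds it can decode and read those claims; include only data the user is allowed to see.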
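
What "short-lived" and "audience-bound" mean in practice, as an added example that is not Reqio's or the dashboard's code: a standard-library HS256 mint and check in which a token can be read without the secret but is rejected when altered, expired, or presented for another audience. The function names, the demo secret and the order of checks are assumptions; this page does not document how Reqio verifies tokens, and on a real server you keep minting with PyJWT as in the snippets above.

```python
# Added example: HS256 JWT built and checked with the standard library only.
import base64, hashlib, hmac, json

SECRET = "constructed-demo-secret"            # constructed; never a real REQIO_SECRET
AUDIENCE = "https://reqio.app/p/proj_abc123"  # example audience URL used on this page

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint(secret, audience, sub, email, now, ttl=300):
    """Build the claim set used in the snippets above (traits omitted)."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "email": email, "aud": audience, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    return signing_input + "." + b64url(sign(secret, signing_input))

def peek(token):
    """Read the claims with no secret: the payload is only base64url-encoded."""
    return json.loads(b64url_decode(token.split(".")[1]))

def check(token, secret, audience, now):
    """Return the claims, or raise ValueError naming the first failed check."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; do not trust the header
    if not hmac.compare_digest(signature, sign(secret, f"{head_b64}.{body_b64}")):
        raise ValueError("bad signature")
    if not isinstance(claims, dict) or claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims
```

Every check runs only after the signature has been verified, so unsigned claims never influence the outcome.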