The snippet below is exactly what the dashboard generates under Project > Settings > Identity when you choose Python. Copy it from the dashboard to get your real project ID and audience URL pre-filled.
Install
```bash
pip install PyJWT
```
Mint a token
```python
# pip install PyJWT
import os, time
import jwt

# `user` is the authenticated user object from your own application.
now = int(time.time())
payload = {
    "sub": user.id,
    "email": user.email,
    # amount in cents; interval "month" | "year"
    "traits": {"plan": user.plan, "amount": user.plan_amount, "interval": user.billing_interval},
    "aud": "https://reqio.app/p/YOUR_PROJECT_ID",
    "iat": now,
    "exp": now + 300,  # token expires 300 seconds after issue
}
token = jwt.encode(payload, os.environ["REQIO_SECRET"], algorithm="HS256")
```
Replace YOUR_PROJECT_ID with your project ID, or copy the full snippet from the dashboard where the audience URL is pre-filled.
Environment variable
Set REQIO_SECRET to the signing secret from Project > Settings > Identity > Reveal secret. Store it server-side only; never include it in responses sent to the browser.
Django example
```python
# views.py
import os, time
import jwt
from django.contrib.auth.decorators import login_required
from django.shortcuts import render


@login_required
def my_view(request):
    # Mint a fresh token on every render; it expires after 300 seconds.
    now = int(time.time())
    token = jwt.encode(
        {
            "sub": str(request.user.pk),
            "email": request.user.email,
            "traits": {"plan": getattr(request.user, "plan", None)},
            "aud": os.environ["REQIO_AUDIENCE"],
            "iat": now,
            "exp": now + 300,
        },
        os.environ["REQIO_SECRET"],
        algorithm="HS256",
    )
    return render(request, "my_page.html", {"reqio_token": token})
```
```html
{# my_page.html #}
<script
  src="https://reqio.app/widget.js"
  data-project-id="YOUR_PROJECT_ID"
  data-identity-token="{{ reqio_token }}"
  async
></script>
```
Store the audience URL (e.g. https://reqio.app/p/proj_abc123) in REQIO_AUDIENCE so you do not hardcode it.
Flask example
```python
import os, time
import jwt
from flask import render_template
from flask_login import current_user, login_required

# `app` is your existing Flask application object.


@app.route("/dashboard")
@login_required
def dashboard():
    # Mint a fresh token on every render; it expires after 300 seconds.
    now = int(time.time())
    token = jwt.encode(
        {
            "sub": str(current_user.id),
            "email": current_user.email,
            "traits": {"plan": getattr(current_user, "plan", None)},
            "aud": os.environ["REQIO_AUDIENCE"],
            "iat": now,
            "exp": now + 300,
        },
        os.environ["REQIO_SECRET"],
        algorithm="HS256",
    )
    return render_template("dashboard.html", reqio_token=token)
```
Pass the token to the widget
For server-rendered templates, pass the token via data-identity-token:
```html
<script
  src="https://reqio.app/widget.js"
  data-project-id="YOUR_PROJECT_ID"
  data-identity-token="{{ reqio_token }}"
  async
></script>
```
For SPAs where the user authenticates after the initial page load, call window.Reqio.identify() from JavaScript after login:
```javascript
window.Reqio.identify(token);
```
Traits reference
| Field | Type | Description |
|---|---|---|
| plan | str | Plan name on your billing system, e.g. "pro". |
| amount | int | Recurring charge as billed, in cents. For annual plans send the full annual total; Reqio divides by 12 to derive the monthly value. |
| interval | "month" or "year" | Billing cadence for amount. |
Security
Store REQIO_SECRET in an environment variable and never include it in responses sent to the browser. The JWT is safe to send to clients because it is short-lived, audience-bound, and contains only the claims you choose to include.
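
A self-check you can run in your own test suite against a token you minted, added here as an example (it is not the dashboard's snippet or Reqio's verification code). It uses only the standard library and reports anything that departs from what this page specifies: HS256, the project audience, the `exp` window, and the trait types. `check_token`, `mint` and `MAX_TTL` are hypothetical names, and treating 300 seconds as a ceiling is an assumption; `mint` stands in for `jwt.encode`.

```python
import base64, hashlib, hmac, json, time

MAX_TTL = 300  # assumed ceiling in seconds; the page's snippets set exp = iat + 300

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _sign(signing_input, secret):
    return _b64e(hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest())

def mint(payload, secret):
    """Dependency-free stand-in for jwt.encode(payload, secret, algorithm="HS256")."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(payload).encode())
    return f"{head}.{body}.{_sign(head + '.' + body, secret)}"

def check_token(token, secret, audience, now=None):
    """Return a list of problems; an empty list means the token matches the page."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig = token.split(".")
        header, claims = json.loads(_b64d(head_b64)), json.loads(_b64d(body_b64))
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return ["not a well-formed JWT"]
    problems = []
    if header.get("alg") != "HS256":
        problems.append("alg is not HS256")
    expected = _sign(f"{head_b64}.{body_b64}", secret)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        problems.append("signature does not verify with this secret")
    if claims.get("aud") != audience:
        problems.append("aud is not the project audience URL")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat and exp must be integer timestamps")
    elif exp <= now:
        problems.append("token is expired")
    elif exp - iat > MAX_TTL:
        problems.append(f"lifetime exceeds {MAX_TTL} seconds")
    traits = claims.get("traits") if isinstance(claims.get("traits"), dict) else {}
    if "amount" in traits and not isinstance(traits["amount"], int):
        problems.append("traits.amount must be an integer number of cents")
    if traits.get("interval") not in (None, "month", "year"):
        problems.append('traits.interval must be "month" or "year"')
    return problems
```

Pass the output of your real `jwt.encode(...)` call as `token` to catch a wrong `REQIO_AUDIENCE`, a stale secret, or a decimal `amount` before the widget ever sees it.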