Skip to content

Developer

Ruby

Mint Reqio HS256 identity tokens on a Ruby server using the jwt gem. Compatible with Rails, Sinatra, and any Ruby 2.7+ framework.

The snippet below is exactly what the dashboard generates under Project > Settings > Identity when you choose Ruby. Copy it from the dashboard to get your real project ID and audience URL pre-filled.

Install

gem install jwt

Or add to your Gemfile:

gem "jwt"

Mint a token

# gem install jwt
require "jwt"

now = Time.now.to_i
payload = {
  sub:    current_user.id,
  email:  current_user.email,
  traits: { plan: current_user.plan, amount: current_user.plan_amount, interval: current_user.billing_interval }, # amount in cents; interval "month" | "year"
  aud:    "https://reqio.app/p/YOUR_PROJECT_ID",
  iat:    now,
  exp:    now + 300,
}
token = JWT.encode(payload, ENV["REQIO_SECRET"], "HS256")

Replace YOUR_PROJECT_ID with your project ID, or copy the full snippet from the dashboard where the audience URL is pre-filled.

Environment variable

Set REQIO_SECRET to the signing secret from Project > Settings > Identity > Reveal secret. Store it via Rails credentials, dotenv, or your hosting platform's secret management; never render it into responses.

Rails example

# app/controllers/application_controller.rb
require "jwt"

class ApplicationController < ActionController::Base
  before_action :set_reqio_token, if: :user_signed_in?

  private

  def set_reqio_token
    now = Time.now.to_i
    @reqio_token = JWT.encode(
      {
        sub:    current_user.id.to_s,
        email:  current_user.email,
        traits: { plan: current_user.plan },
        aud:    ENV["REQIO_AUDIENCE"],
        iat:    now,
        exp:    now + 300,
      },
      ENV["REQIO_SECRET"],
      "HS256"
    )
  end
end
<%# app/views/layouts/application.html.erb %>
<% if @reqio_token %>
  <script
    src="https://reqio.app/widget.js"
    data-project-id="<%= ENV['REQIO_PROJECT_ID'] %>"
    data-identity-token="<%= @reqio_token %>"
    async
  ></script>
<% end %>

Store the audience URL in REQIO_AUDIENCE so you do not hardcode it.

Sinatra example

require "sinatra"
require "jwt"

get "/dashboard" do
  halt 401 unless session[:user_id]

  now = Time.now.to_i
  @reqio_token = JWT.encode(
    {
      sub: session[:user_id].to_s,
      aud: ENV["REQIO_AUDIENCE"],
      iat: now,
      exp: now + 300,
    },
    ENV["REQIO_SECRET"],
    "HS256"
  )

  erb :dashboard
end

Pass the token to the widget

For server-rendered templates, pass the token via data-identity-token:

<script
  src="https://reqio.app/widget.js"
  data-project-id="<%= ENV['REQIO_PROJECT_ID'] %>"
  data-identity-token="<%= @reqio_token %>"
  async
></script>

For SPAs where the user authenticates after the initial page load, call window.Reqio.identify() from JavaScript after login:

window.Reqio.identify(token);

Traits reference

| Field | Type | Description | |---|---|---| | plan | String | Plan name on your billing system, e.g. "pro". | | amount | Integer | Recurring charge as billed, in cents. For annual plans send the full annual total; Reqio divides by 12 to derive the monthly value. | | interval | "month" or "year" | Billing cadence for amount. |

Security

Store REQIO_SECRET in your environment and never render it into responses. The JWT is short-lived and audience-bound to one Reqio project. The signing secret must remain server-side.