The snippet below is exactly what the dashboard generates under Project > Settings > Identity when you choose Ruby. Copy it from the dashboard to get your real project ID and audience URL pre-filled.
Install
gem install jwt
Or add to your Gemfile:
gem "jwt"
Mint a token
# gem install jwt
require "jwt"
now = Time.now.to_i
payload = {
sub: current_user.id,
email: current_user.email,
traits: { plan: current_user.plan, amount: current_user.plan_amount, interval: current_user.billing_interval }, # amount in cents; interval "month" | "year"
aud: "https://reqio.app/p/YOUR_PROJECT_ID",
iat: now,
exp: now + 300,
}
token = JWT.encode(payload, ENV["REQIO_SECRET"], "HS256")
Replace YOUR_PROJECT_ID with your project ID, or copy the full snippet from the dashboard where the audience URL is pre-filled.
Environment variable
Set REQIO_SECRET to the signing secret from Project > Settings > Identity > Reveal secret. Store it via Rails credentials, dotenv, or your hosting platform's secret management; never render it into responses.
Rails example
# app/controllers/application_controller.rb
require "jwt"
class ApplicationController < ActionController::Base
before_action :set_reqio_token, if: :user_signed_in?
private
def set_reqio_token
now = Time.now.to_i
@reqio_token = JWT.encode(
{
sub: current_user.id.to_s,
email: current_user.email,
traits: { plan: current_user.plan },
aud: ENV["REQIO_AUDIENCE"],
iat: now,
exp: now + 300,
},
ENV["REQIO_SECRET"],
"HS256"
)
end
end
<%# app/views/layouts/application.html.erb %>
<% if @reqio_token %>
<script
src="https://reqio.app/widget.js"
data-project-id="<%= ENV['REQIO_PROJECT_ID'] %>"
data-identity-token="<%= @reqio_token %>"
async
></script>
<% end %>
Store the audience URL in REQIO_AUDIENCE so you do not hardcode it.
Sinatra example
require "sinatra"
require "jwt"
get "/dashboard" do
halt 401 unless session[:user_id]
now = Time.now.to_i
@reqio_token = JWT.encode(
{
sub: session[:user_id].to_s,
aud: ENV["REQIO_AUDIENCE"],
iat: now,
exp: now + 300,
},
ENV["REQIO_SECRET"],
"HS256"
)
erb :dashboard
end
Pass the token to the widget
For server-rendered templates, pass the token via data-identity-token:
<script
src="https://reqio.app/widget.js"
data-project-id="<%= ENV['REQIO_PROJECT_ID'] %>"
data-identity-token="<%= @reqio_token %>"
async
></script>
For SPAs where the user authenticates after the initial page load, call window.Reqio.identify() from JavaScript after login:
window.Reqio.identify(token);
Traits reference
| Field | Type | Description |
|---|---|---|
| plan | String | Plan name on your billing system, e.g. "pro". |
| amount | Integer | Recurring charge as billed, in cents. For annual plans send the full annual total; Reqio divides by 12 to derive the monthly value. |
| interval | "month" or "year" | Billing cadence for amount. |
Security
Store REQIO_SECRET in your environment and never render it into responses. The JWT is short-lived and audience-bound to one Reqio project. The signing secret must remain server-side.