Guides

Auth and `user_token`

Connect your login system to VisibleBase token issuance.

VisibleBase does not host your user system. It only requires a verifiable user_token on product-side requests.

After a user logs in, issue a VisibleBase token through AdminClient:

const user = await admin.tokens.apply({
  product_id: "prod_xxx",
  user_id: session.user.id,
  metadata: {
    plan: session.user.plan,
  },
  ttl: "7d",
});

Then give the product side two values:

product_id
user_token

If you do not have a heavy backend yet

For new pure-client products, keep token issuance near one shared Base instead of building a separate service per product.

What the token should not do

Do not put provider keys into the token.
Do not put private billing rules into the token.
Do not let the client hold VISIBLEBASE_ADMIN_SECRET_KEY.

The token only needs to express who the user is and which business metadata should travel with the request.

Many Products, One Base

How one Base can serve multiple products without mixing product differences with shared infrastructure.

provider env 管理

如何集中管理模型供应商 key 和 base_url。

On this page

If you already have login If you do not have a heavy backend yet What the token should not do