@holdify/express

npm install @holdify/express

import express from 'express';
import { holdifyMiddleware } from '@holdify/express';

const app = express();

// Protect all /api routes
app.use('/api', holdifyMiddleware({
  apiKey: process.env.HOLDIFY_PROJECT_KEY,
}));

app.get('/api/data', (req, res) => {
  // Verification result available on req.holdify
  const { remaining, plan } = req.holdify;

  res.json({ data: 'protected', remaining });
});

app.listen(3000);

holdifyMiddleware({
  // Required
  apiKey: process.env.HOLDIFY_PROJECT_KEY,

  // Optional: Custom API URL
  baseUrl: 'https://api.holdify.io',

  // Optional: Custom key extraction
  getKey: (req) => {
    return req.headers['x-custom-key'];
  },

  // Optional: Custom error handling
  onError: (error, req, res) => {
    res.status(error.statusCode || 500).json({
      error: error.code,
      message: error.message,
    });
  },

  // Optional: Success callback
  onSuccess: (result, req) => {
    console.log(`Verified: ${result.remaining} remaining`);
  },
});

holdifyMiddleware({
  apiKey: process.env.HOLDIFY_PROJECT_KEY,
  getKey: (req) => {
    // Your custom logic
    return req.headers['x-my-api-key'];
  },
});

app.get('/api/data', (req, res) => {
  // Always available after middleware
  const {
    valid,        // boolean
    remaining,    // number
    limit,        // number
    reset,        // unix timestamp
    plan,         // string
    entitlements  // string[]
  } = req.holdify;

  // Check entitlements
  if (req.holdify.entitlements?.includes('feature:premium')) {
    // Premium access
  }
});

// Only protect specific routes
app.use('/api/protected', holdifyMiddleware({ apiKey }));

// Public routes (no middleware)
app.get('/api/public', (req, res) => {
  res.json({ public: true });
});

import type { Request } from 'express';
import type { VerifyResult } from '@holdify/express';

// req.holdify is typed
app.get('/api/data', (req: Request, res) => {
  const result: VerifyResult = req.holdify;
});