Access Token Blacklisting

Once this feature is enabled, each session verification attempt will result in a database call. This ensures that if a session has been revoked, its access tokens on the frontend stop working immediately.

caution

With this feature enabled, every session verification attempt makes a database call. This may slow down all of your API calls.

You can enable this feature by setting the value in the core config:

docker run \
    -p 3567:3567 \
    -e ACCESS_TOKEN_BLACKLISTING=true \
    -d registry.supertokens.io/supertokens/supertokens-<db_name>

important
  • Once updated, please make sure to restart the backend API layer which uses our backend SDK.
  • For the managed service, this value can be updated by visiting our dashboard.
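
The trade-off described above, as an added example that is not SuperTokens code: a toy HMAC-signed token and an in-memory `SessionStore` stand in for the access token and the core's database (all names and the key are constructed for illustration). Without the lookup, a revoked session's token is still accepted until it expires; with it, the token is rejected at the cost of one lookup per verification.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed signing key, for this demo only

class SessionStore:
    """Hypothetical stand-in for the core's database; counts lookups."""
    def __init__(self):
        self.active = set()
        self.lookups = 0

    def exists(self, session_handle):
        self.lookups += 1          # every call models one database round trip
        return session_handle in self.active

def _sign(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def issue_token(store, session_handle, ttl=3600, now=None):
    store.active.add(session_handle)
    now = time.time() if now is None else now
    claims = json.dumps({"sh": session_handle, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims)
    return body.decode() + "." + _sign(body)

def verify(store, token, blacklisting, now=None):
    """Return the session handle if the token is accepted, else None."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return None                # forged or corrupted token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= (time.time() if now is None else now):
        return None                # expired
    if blacklisting and not store.exists(claims["sh"]):
        return None                # session revoked: rejected immediately
    return claims["sh"]

def demo():
    store = SessionStore()
    token = issue_token(store, "session-1")
    store.active.discard("session-1")   # revoke the session server-side
    stateless = verify(store, token, blacklisting=False)
    checked = verify(store, token, blacklisting=True)
    return stateless, checked, store.lookups

if __name__ == "__main__":
    print(demo())
```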