• Wrap an app router API route to check that the user has a valid session. If they're not logged in the handler will return a 401 Unauthorized.

    // app/protected-api/route.js
    import { withApiAuthRequired, getSession } from '@auth0/nextjs-auth0';

    export default withApiAuthRequired(function Protected(req) {
    const session = getSession();
    ...
    });

    If you visit /protected-api without a valid session cookie, you will get a 401 response.

    Parameters

    Returns AppRouteHandlerFn

  • Wrap a page router API route to check that the user has a valid session. If they're not logged in the handler will return a 401 Unauthorized.

    // pages/api/protected-route.js
    import { withApiAuthRequired, getSession } from '@auth0/nextjs-auth0';

    export default withApiAuthRequired(function ProtectedRoute(req, res) {
    const session = getSession(req, res);
    ...
    });

    If you visit /api/protected-route without a valid session cookie, you will get a 401 response.

    Parameters

    • apiRoute: NextApiHandler<any>

    Returns NextApiHandler<any>