Documentation Index Fetch the complete documentation index at: https://mintlify.com/workos/workos-node/llms.txt
Use this file to discover all available pages before exploring further.
The WorkOS SDK provides flexible configuration options to customize its behavior for your application.
Basic configuration The simplest way to configure the WorkOS client is by providing an API key:
Environment Variables
String Parameter
Options Object
WORKOS_API_KEY = "sk_test_1234567890" WORKOS_CLIENT_ID = "client_1234567890"
import { WorkOS } from '@workos-inc/node' ; // Automatically reads from environment variables const workos = new WorkOS ();
import { WorkOS } from '@workos-inc/node' ; const workos = new WorkOS ( 'sk_test_1234567890' );
import { WorkOS } from '@workos-inc/node' ; const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , clientId: 'client_1234567890' , });
Configuration options The WorkOSOptions interface supports the following configuration parameters:
API credentials Your WorkOS API key from the dashboard. Required for server-side applications. const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , });
Your WorkOS client ID. Required for authentication flows. const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , clientId: 'client_1234567890' , });
Network configuration apiHostname
string
default: "api.workos.com"
Custom API hostname for self-hosted or regional deployments. const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , apiHostname: 'api.eu.workos.com' , });
Whether to use HTTPS protocol. Set to false for local development. const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , https: false , port: 3000 , });
Custom port for API requests. Useful for local development or proxy setups. const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , port: 8080 , });
Request timeout in milliseconds. const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , timeout: 10000 , // 10 seconds });
Advanced options Additional fetch configuration options (headers, signal, etc.). const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , config: { headers: { 'X-Custom-Header' : 'value' , }, }, });
Application metadata for tracking and debugging. const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , appInfo: { name: 'MyApp' , version: '1.0.0' , }, });
This information is included in the User-Agent header for all requests. Custom fetch implementation. Useful for testing or proxying requests. const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , fetchFn: customFetch , });
Public client configuration For applications that cannot securely store an API key (mobile apps, CLI tools, browser apps), initialize with only a client ID:
import { WorkOS } from '@workos-inc/node' ; const workos = new WorkOS ({ clientId: 'client_1234567890' , // No apiKey required });
Public clients can only use PKCE-based authentication methods. Server-side methods requiring an API key will throw an error.
Type-safe factory function For compile-time type safety, use the createWorkOS factory function:
import { createWorkOS } from '@workos-inc/node' ; // Public client - TypeScript enforces PKCE-only methods const publicWorkos = createWorkOS ({ clientId: 'client_123' , }); // TypeScript allows this await publicWorkos . userManagement . getAuthorizationUrlWithPKCE ({ ... }); // TypeScript error - listUsers requires API key await publicWorkos . userManagement . listUsers (); // ❌ Error! // Confidential client - full access const workos = createWorkOS ({ apiKey: process . env . WORKOS_API_KEY ! , clientId: 'client_123' , }); // Both methods work await workos . userManagement . listUsers (); // ✅ OK
The createWorkOS factory function does not read from environment variables. Pass credentials explicitly for predictable type inference.
Environment-specific configuration Configure the SDK differently for development, staging, and production:
Development
Production
Regional (EU)
import { WorkOS } from '@workos-inc/node' ; const workos = new WorkOS ({ apiKey: process . env . WORKOS_API_KEY , clientId: process . env . WORKOS_CLIENT_ID , // Use local development settings https: false , port: 3000 , timeout: 30000 , // Longer timeout for debugging });
Add custom headers to all API requests:
import { WorkOS } from '@workos-inc/node' ; const workos = new WorkOS ({ apiKey: 'sk_test_1234567890' , config: { headers: { 'X-Custom-Header' : 'value' , 'X-Request-ID' : 'unique-request-id' , }, }, });
Custom headers are merged with default headers. The SDK automatically adds User-Agent and Authorization headers.
PKCE with confidential clients Server-side applications can use PKCE alongside the client secret for enhanced security (recommended by OAuth 2.1):
import { WorkOS } from '@workos-inc/node' ; const workos = new WorkOS ( 'sk_test_1234567890' ); // Use PKCE even with API key for additional security const { url , codeVerifier } = await workos . userManagement . getAuthorizationUrlWithPKCE ({ provider: 'authkit' , redirectUri: 'https://example.com/callback' , clientId: workos . clientId ! , }); // Both client_secret AND code_verifier will be sent const { accessToken } = await workos . userManagement . authenticateWithCode ({ code: authorizationCode , codeVerifier , clientId: workos . clientId ! , });
Checking the SDK version You can check which version of the SDK is running:
import { WorkOS } from '@workos-inc/node' ; const workos = new WorkOS (); console . log ( 'WorkOS SDK version:' , workos . version );
Next steps
Quickstart Build your first integration with WorkOS
User Management Set up authentication and user management
SSO Integration Configure Single Sign-On
Webhooks Handle WorkOS webhook events