Domain Setup & Configuration
Creating a Domain
- Sign in to the reauth.dev dashboard
- Click Create Domain
- Enter your root domain (e.g.,
yourdomain.com)
reauth hosts your auth pages and API at reauth.yourdomain.com.
DNS Verification
Add these records to your DNS provider:
| Type | Name | Value |
|---|---|---|
| CNAME | reauth.yourdomain.com | ingress.reauth.dev |
| TXT | _reauth.yourdomain.com | (shown in dashboard) |
Verification typically takes a few minutes. The dashboard shows real-time status.
API Keys
Generate an API key from the domain settings page. You'll get a key like sk_live_....
Store it securely — the key is shown only once:
# .env (server-side only, never expose in browser)
REAUTH_API_KEY=sk_live_your_key_here
REAUTH_DOMAIN=yourdomain.com
The API key is used for:
- Server SDK initialization (
createServerClient) - Balance operations (charge, deposit)
- User management (getUserById)
- JWT secret derivation (automatic, no action needed)
The browser client does not need an API key — it uses session cookies.
Auth Methods
Configure which login methods are available in the dashboard:
Magic Link (default)
Passwordless email login. Users receive a link that logs them in when clicked. No additional configuration needed.
Google OAuth
- Create a Google OAuth app in Google Cloud Console
- Add
https://reauth.yourdomain.com/callback/googleas an authorized redirect URI - Enter your Client ID and Client Secret in the reauth dashboard
X (Twitter) OAuth
- Create a Twitter app in the Twitter Developer Portal
- Add
https://reauth.yourdomain.com/callback/twitteras a callback URL - Enter your API Key and API Secret in the reauth dashboard
Redirect URLs
Configure where users are sent after authentication:
- Redirect URL: Where users land after login (e.g.,
https://yourdomain.com/dashboard) - Callback URL Allowlist: Valid callback URLs for headless magic link flows
Headless Mode
Enable headless mode in the dashboard to allow custom login UIs. When enabled, clients can use:
requestMagicLink()with a customcallbackUrlstartGoogleOAuth()/startTwitterOAuth()for OAuth flowsgetConfig()to check which auth methods are available
See auth-flows.md for headless implementation details.
Test vs Live Mode (Billing)
If you use billing features, you can connect Stripe in two modes:
- Test mode: Uses Stripe test keys, no real charges. Use test card
4242 4242 4242 4242. - Live mode: Uses Stripe live keys, processes real payments.
Switch between modes in the domain billing settings. See billing.md for details.
Environment Variables
| Variable | Required | Used by | Description |
|---|---|---|---|
REAUTH_DOMAIN | Yes | Client + Server | Your verified domain (e.g., yourdomain.com) |
REAUTH_API_KEY | Server only | Server SDK | API key from dashboard (sk_live_...) |