Downcity

Auth and `user_token`

Connect your login system to Downcity token issuance.

Downcity does not host your user system. It only requires a verifiable `user_token` on studio-side requests.

If you already have login

After a user logs in, issue a Downcity token through AdminClient:

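```javascript
// Run this on your backend, after your own login has authenticated the session.
// `admin` is your AdminClient instance.
const user = await admin.studios.tokens.apply({
  studio_id: "studio_xxx",
  user_id: session.user.id,
  metadata: {
    plan: session.user.plan,
  },
  ttl: "7d",
});
```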

Then give the studio side two values:

  • studio_id
  • user_token

If you do not have a heavy backend yet

For new pure-client studios, keep token issuance near one shared City instead of building a separate service per studio.

What the token should not do

  • Do not put provider keys into the token.
  • Do not put private billing rules into the token.
  • Do not let the client hold DOWNCITY_CITY_ADMIN_SECRET_KEY.

The token only needs to express who the user is and which business metadata should travel with the request.
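One way to enforce the rules above on the backend, as an added example that is not Downcity's own code: metadata is built from an allowlist, credential-looking values are refused, and the client receives only `studio_id` and `user_token`. The helper names, the allowlist, the patterns, and the `user_token` field on the result of `apply` are assumptions; only `admin.studios.tokens.apply` and its request fields come from this page.

```javascript
// Added example, server-side only. Helper names here are hypothetical.

// Allowlist of metadata keys that may travel in the token (never a blocklist).
const ALLOWED_METADATA = new Set(["plan"]);

// Constructed heuristics for values that look like provider keys or secrets.
const SECRET_LIKE = [/^sk[-_]/i, /secret/i, /api[-_]?key/i, /^Bearer\s/i];

function buildTokenRequest(session, studioId, requested) {
  if (!session?.user?.id) {
    throw new Error("no authenticated user: refusing to issue a token");
  }
  // Default to the one field the page's example sends.
  const wanted = requested ?? { plan: session.user.plan };
  const metadata = {};
  for (const [key, value] of Object.entries(wanted)) {
    if (!ALLOWED_METADATA.has(key)) {
      throw new Error(`metadata.${key} is not on the allowlist`);
    }
    if (value === undefined || value === null) continue;
    if (typeof value !== "string" || value.length > 64) {
      throw new Error(`metadata.${key} must be a short string`);
    }
    if (SECRET_LIKE.some((re) => re.test(value))) {
      throw new Error(`metadata.${key} looks like a credential`);
    }
    metadata[key] = value;
  }
  return { studio_id: studioId, user_id: session.user.id, metadata, ttl: "7d" };
}

// `admin` is an AdminClient created on the server, where
// DOWNCITY_CITY_ADMIN_SECRET_KEY lives; it is never sent to the client.
// Assumption: the issued token is exposed as `user_token` on the result.
async function issueForSession(admin, session, studioId) {
  const request = buildTokenRequest(session, studioId);
  const issued = await admin.studios.tokens.apply(request);
  // Hand the studio side exactly the two values it needs, nothing else.
  return { studio_id: studioId, user_token: issued.user_token };
}
```

Call `issueForSession` from your login callback and send its return value to the studio side as the response body.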