Implementing Client Sessions for Device Management in the Backend
Learn how to use client sessions to control your users' access to devices.
If you are developing an application with multiple customers connecting their devices, client sessions are a practical way to manage device access for each user. This topic provides an example of implementing client sessions in the backend, ensuring that users can access only the devices that they own.
Connect Your Users' Accounts Using a Client Session
When connecting your customers' devices, you can create a client session for each customer and associate this session with any Connect Webviews that you issue to them.
// Pass your API key to the Seam constructor to authorize access // to your Seam workspace.// Set your API key. Remember to switch to your live API key // in production.constseam=newSeam("YOUR_API_KEY")// Get or create a client session using your own internal user // ID as the user_identifier_key.constuser_identifier_key="xxxx"constclient_session=awaitseam.clientSessions.get_or_create({ user_identifier_key})// Create a Connect Webview and link the Connect Webview to the // client session, using the user_identifier_key to identify the // desired client session.constconnect_webview=awaitseam.connectWebviews.create()awaitseam.clientSessions.grant_access({ user_identifier_key, connect_webview_ids: [connect_webview.connect_webview_id],})// Share the URL of the Connect Webview with the user to enable // them connect their devices.constconnect_webview_url=connect_webview.url
Filter for a User's Devices with the User Identifier Key
You can use the user_identifier_key to retrieve a list of devices that only includes the ones that a specific user owns.
You can also use the user_identifier_key to ensure that a user has the authorization to interact with a device.
consthandleUnlock=async (req, res) => {// Retrieve the internal user ID used to set the // user_identifier_key.constuser_identifier_key=req.auth.userId// The application user specifies a device to unlock from // among the filtered set of devices.constdevice_id=req.body.device_id// Confirm that the selected device is, indeed, among the // set of devices that the user owns.constdevices=awaitseam.devices.list({ user_identifier_key, device_ids: [device_id], }) if (devices.length===0) returnres.send(401).end()// Trigger an action on the device, like unlocking the door.awaitseam.devices.unlock_door({ device_id })res.send(204)}
