@unitpay/react exchanges it for a customer-scoped billing UI — no secret key ever leaves your backend.
The token is a short-lived JWT scoped to one customer. Pass it to
<UnitPayProvider portalToken={…}>; every hook and component in the React SDK reads the customer from it.unitpay.portalSessions.create
Mints a portal session for one customer and returns the token to embed in your frontend. Parameters —CreatePortalSessionParams:
The customer this session grants access to.
Token lifetime in seconds. Min
60, max 86400.Promise<PortalSession>:
The JWT to pass to
<UnitPayProvider portalToken={…}>.ISO-8601 timestamp when the token expires.
app/api/portal-session/route.ts
unitpay.portalSessions.revoke
Invalidates portal tokens before they expire — for logout, or when a customer’s access changes. Revoke a single session by itsjti, or every active session for a customer.
Parameters — RevokePortalSessionParams (one of):
Revoke a single session by its JWT ID.
Revoke all active sessions for this customer.
Promise<void>.
See also
React SDK
Build the customer-facing billing UI the token powers.
UnitPayProvider
Where the portal token is consumed.