Skip to Content
GuidesServer-Side SDK

Server-Side SDK

Use the Myco SDK in your Cloudflare Worker for server-side operations.

Overview

The Server SDK lets you access Myco’s API from your Cloudflare Worker. Use it for:

  • Verifying user authentication
  • Server-side data operations
  • Building protected API endpoints
  • Workspace management

Setup

import { createServerSDK } from "@myco-dev/sdk/server";
 
const sdk = createServerSDK(
  { MYCO_APP_KEY: c.env.MYCO_APP_KEY },
  c.req.raw  // The incoming Request object
);

The Server SDK reads the JWT from the request’s app_jwt cookie and includes it in all API calls.

Authentication

Verify user

const { user, jwt } = await sdk.auth.getVerifiedUser();
 
if (!user) {
  return c.json({ error: "Unauthorized" }, 401);
}
 
// user: { userId, email?, name? }

Generate login URL

const loginUrl = sdk.auth.getLoginUrl("https://myapp.com/dashboard");
// Redirects user to Myco login, then back to the return URL

Auth middleware pattern

The Vibekit template includes auth middleware that runs for all /api/* routes:

app.use("/api/*", async (c, next) => {
  if (c.req.path === "/api/health") return next(); // Skip public routes
 
  const sdk = createServerSDK({ MYCO_APP_KEY: c.env.MYCO_APP_KEY }, c.req.raw);
  const { user } = await sdk.auth.getVerifiedUser();
  c.set("user", user);
 
  return next();
});
 
// Now access user in any route:
app.get("/api/me", (c) => {
  const user = c.get("user");
  if (!user) return c.json({ error: "Unauthorized" }, 401);
  return c.json({ user });
});

Data operations

The Server SDK provides the same CRUD operations as the client SDK:

Entities

const entities = await sdk.data.getEntities();
const entity = await sdk.data.getEntity("contact");

Records

// List with pagination
const { records, pagination } = await sdk.data.getRecords("contact", {
  page: 1,
  pageSize: 20,
  sort: "createdAt",
  order: "desc",
});
 
// Single record
const record = await sdk.data.getRecord("contact", recordId);
 
// Create
const newRecord = await sdk.data.createRecord("contact", {
  name: "Jane",
  email: "jane@example.com",
});
 
// Update
const updated = await sdk.data.updateRecord("contact", recordId, {
  company: "Acme",
});
 
// Delete
await sdk.data.deleteRecord("contact", recordId);
 
// Batch fetch
const records = await sdk.data.batchGetRecords([id1, id2, id3]);

Workspace management

// List user's workspaces
const workspaces = await sdk.workspace.list();
 
// Get current workspace
const workspace = await sdk.workspace.current();
 
// Update workspace
await sdk.workspace.update({ name: "New Name" });
 
// Manage members
const members = await sdk.workspace.members.get();
await sdk.workspace.members.add(userId, "member");
await sdk.workspace.members.remove(userId);

Authenticated fetch

For custom API calls to the Myco backend:

const data = await sdk.fetch<MyType>("/api/custom-endpoint", {
  method: "POST",
  body: JSON.stringify({ key: "value" }),
});

This automatically includes auth headers and the app key.

DeploymentBuilding API Routes