🔑 Authentication
The SDK uses the OAuth2 Client Credentials flow behind the scenes. Once you call configure with your clientId and clientSecret, every request automatically obtains and refreshes an access token.
How it works​
- The SDK requests a token using the OAuth2 Token Exchange endpoint.
- Tokens are cached until 30 seconds before expiry.
- All API calls include the
x-auth-tokenandx-client-idheaders for you.
You generally do not need to handle tokens manually. If you wish to override the fetch implementation (for example in React Native), pass a custom fetchFn during configuration:
import { configure } from '@quranjs/api';
import fetch from 'cross-fetch';
configure({
clientId: 'YOUR_CLIENT_ID',
clientSecret: 'YOUR_CLIENT_SECRET',
fetchFn: fetch,
});
For details on the OAuth2 endpoints themselves, see the Token Exchange documentation.