---
title: TypeScript auth helpers
description: Resolve sessions and enforce permissions in server-side Relpin route handlers.
section: SDK
sidebarLabel: TypeScript / Auth
order: 90
updated: "2026-06-11"
status: beta
llms: true
keywords:
  - TypeScript
  - auth
  - permissions
  - withAuth
---

Relpin auth helpers resolve the current session through a server-side auth service and enforce permission checks before route handler logic runs.

## Require a session

```ts
import { withAuth } from '@app-builder-platform/relpin-sdk/auth'

export const handler = withAuth(async ({ session }) => {
  return Response.json({ userId: session.userId, orgId: session.orgId })
})
```

## Require a permission

```ts
export const updateOrder = withAuth(
  async ({ requestContext }) => {
    return Response.json({ env: requestContext.env })
  },
)
```

Pass a required permission through the handler options when the route is invoked. Missing sessions and denied permissions should fail closed.

## Do not trust roles alone

Roles are useful presets. Product surfaces should enforce explicit permission keys for sensitive actions.