login()
login() prepares a MonitorDog SDK user session.
If init() registers the SDK settings, login() issues an SDK access token for the actual user email and handles only the login event and account or policy APIs. Model loading, camera permission requests, and webcam detection execution are handled by start().
Role
When login() is called, the SDK internally performs the following work in order.
Call sessionTokenProvider({ email })
-> Store SDK access token
-> Send login activity event
-> Check account information
-> Check detection policy
After a user successfully signs in to your website, call login() to prepare the SDK session. To run actual detection, call start() next.
Access Token Provider Implementation
sessionTokenProvider is the access token provider called by the SDK. In these examples, this function is defined as getMonitorDogAccessToken({ email }).
async function getMonitorDogAccessToken({ email }: { email: string }) {
const response = await fetch("/api/monitordog/access-token", {
method: "POST",
headers: { "content-type": "application/json" },
credentials: "include",
body: JSON.stringify({ email }),
});
if (!response.ok) {
throw new Error("Failed to issue MonitorDog access token");
}
return response.json();
}
const detector = await MonitorDogDetector.init({
apiBaseUrl: "https://api.monitor.dog/v1",
sessionTokenProvider: getMonitorDogAccessToken,
onDetect: handleMonitorDogDetection,
});
/api/monitordog/access-token is an example customer server endpoint. This endpoint calls MonitorDog POST /v1/sdk/sessions with the MonitorDog partner API key stored in a server environment variable or secret manager.
export async function POST(request: Request) {
const { email } = await request.json();
const response = await fetch("https://api.monitor.dog/v1/sdk/sessions", {
method: "POST",
headers: {
"content-type": "application/json",
authorization: `Bearer ${process.env.MONITORDOG_PARTNER_API_KEY}`,
},
body: JSON.stringify({ email }),
});
return new Response(await response.text(), {
status: response.status,
headers: { "content-type": "application/json" },
});
}
Technically, browser JavaScript can call MonitorDog POST /v1/sdk/sessions directly, but that exposes the partner API key and is prohibited in production or customer environments. Limit direct calls to internal local tests that use a disposable key.
Parameters
await detector.login({
// Email used when signing in to the customer website
email: currentUser.email,
});
email(required): User email registered in MonitorDog.
This email is passed to the sessionTokenProvider registered in init().
sessionTokenProvider({ email });
Your server access token endpoint uses this email and the partner API key to issue an SDK access token from the MonitorDog /v1/sdk/sessions API.
Return Value
Example return value:
{
"token_type": "bearer",
"access_token": "...",
"expires_in": 1800,
"expires_at": "2026-06-30T00:30:00+00:00"
}
In general, customer application code does not need to store or use this token directly. The SDK stores the token internally, uses it for later MonitorDog runtime API calls, and automatically renews it before expiration.
Failure Handling
login() can fail in the following situations.
sessionTokenProviderfails to issue an SDK token.- The provided email is not registered in MonitorDog.
- The customer server access token endpoint fails to call MonitorDog
/v1/sdk/sessions. - Account information or detection policy lookup fails.
Notes
- Call
login()afterinit(). - A successful
login()does not run the detector by itself. - To run detection, call
await detector.start()separately. - When the user logs out, call
stop()first if the detector is running, then calllogout(). - The email passed to
login()must match the signed-in user in your website.