API Reference

To enable secure integration with AgentPine's API services, you may need to extract session cookies from authenticated users. In many Next.js projects, session tokens (like those from next-auth) are stored in cookies and may be marked as HttpOnly for security. These cookies are not accessible from the frontend via JavaScript, which can cause issues when using AgentPine in a purely client-side environment.

To solve this, you can add a secure server-side API route in your project at/api/set-agentpine-cookie. This endpoint will safely extract only the whitelisted cookies from the request headers and return them to the frontend. It supports both HttpOnly and non-HttpOnly cookies, and ensures that only safe, expected values are passed to the AgentPine SDK.

If your project does not use authentication or you are building a fully client-side app without login, you do not need this API route. AgentPine can operate without cookies in that case. However, for most applications using login systems like NextAuth or custom auth tokens in cookies, this endpoint is recommended for consistent behavior across environments.

{
  "cookies": {
    "next-auth.session-token": "abc123...",
    "next-auth.csrf-token": "xyz456..."
  }
}

import { NextRequest, NextResponse } from "next/server"

const WHITELISTED = ["next-auth.session-token", "next-auth.csrf-token"]

export async function GET(req: NextRequest) {
  const cookieHeader = req.headers.get("cookie")
  if (!cookieHeader) {
    return NextResponse.json({ message: "No cookies found" }, { status: 400 })
  }

  const allCookies = {}
  cookieHeader.split(";").forEach((raw) => {
    const [name, ...rest] = raw.trim().split("=")
    allCookies[name] = rest.join("=")
  })

  const extracted = {}
  WHITELISTED.forEach((key) => {
    if (allCookies[key]) extracted[key] = allCookies[key]
  })

  return NextResponse.json({ cookies: extracted })
}