# Getting Started
# Getting Started
AscendKit gives your app authentication, analytics, email templates, surveys, and user journeys — configured from the CLI or AI coding agents, not hardcoded.
## Framework support
| Framework | Auth | Components | Analytics | Webhooks |
|-----------|------|------------|-----------|----------|
| **Next.js 14+** | Full (server + client) | Pre-built UI | Client + server | Server |
| **React (Vite, Remix, Astro)** | Client hooks only | Pre-built UI | Client only | — |
| **FastAPI** | Token verification | — | Server | Server |
| **Flask / Django** | Token verification | — | Server | Server |
| **Any Python** | Token verification | — | Server | Server |
The JavaScript SDK package is `@ascendkit/nextjs`. React hooks and components work in any React framework, but the server-side auth runtime (session management, OAuth callbacks) requires Next.js today. Python backends use the `ascendkit` package for token verification and webhooks with any framework.
## Setup sequence
Follow these steps in order:
### 1. Create an account
Sign up at the [AscendKit portal](/). When you sign up, AscendKit creates your first project with a **dev** environment pre-loaded with starter content:
- An **onboarding journey** with a welcome flow and common lifecycle triggers
- **Email templates** for verification, welcome, and password reset
- A **starter NPS survey**
Your dev environment is fully functional with no restrictions — use it for local testing or ship it to customers as-is. Review and personalize the starter content whenever you're ready.
### 2. Install the CLI and SDK
See [Installation](/docs/install) for OS-specific instructions and prerequisites.
### 3. Initialize the CLI
In your app's root directory:
```bash
ascendkit init
```
This opens a browser window for authentication and saves credentials locally. Then link to your development environment:
```bash
ascendkit set-env pk_dev_your_public_key
```
This writes your API URL, public key, and secret key into `.env`/`.env.local`, and includes an `APP_URL=` placeholder. We recommend setting it to your app's origin (e.g., `APP_URL=http://localhost:3000`) to avoid social login callback issues. See [CLI Setup](/docs/cli) for details.
### 4. Review & configure
Your dev environment comes with starter content that works out of the box. Use the CLI or portal to review and personalize it — no code changes needed.
#### Review your starter content
- [Email Templates](/docs/cli/templates) — customize the verification, welcome, and password reset emails for your brand
- [User Journeys](/docs/cli/journeys) — adjust triggers and content in the onboarding journey to match your product's flow
- [Surveys](/docs/cli/surveys) — edit the starter NPS survey or create CSAT and custom surveys
#### Set up your own identity
Starter defaults use AscendKit's shared infrastructure so you can get started immediately. Before going to production, set up your own:
- **Email sending domain** — Starter emails send from AscendKit's address. To send as your brand, [verify a custom domain](/docs/cli/email) (DKIM/SPF) and create email identities for your sender addresses.
- **OAuth credentials** — Social logins (Google, GitHub, LinkedIn) work immediately through AscendKit's shared OAuth proxy. For production, we strongly recommend [registering your own OAuth apps](/docs/cli/auth) with your own client ID and secret — this gives you full control over consent screens, branding, and rate limits.
- [Webhooks](/docs/cli/webhooks) — configure endpoints to receive user lifecycle events in your backend
- [Analytics](/docs/analytics) — track every visitor from first page view through signup with automatic identity stitching and attribution
- [Analytics CLI](/docs/cli/analytics) — query visitor traffic, acquisition sources, and conversion metrics from the terminal
Configuration is live — you can update templates, journeys, surveys, and auth settings at any time without redeploying your app.
### 5. Integrate with your app
Add the SDK to your codebase. The setup differs by framework:
- **Next.js**: [Next.js Integration](/docs/integration) — auth runtime, provider, pre-built UI components
- **Python backend**: [Python SDK](/docs/python) — token verification, webhook handling
## Adding environments
Your dev environment is all you need to get started — it's fully functional for both local development and production use. When you're ready to separate environments (e.g., a dedicated production environment with its own data and keys), use the **promote** command:
```bash
ascendkit environment promote --target prod
```
This copies all your configuration, templates, journeys, and surveys into the new environment. The only change in your app is swapping the environment key — replace your `pk_dev_...` key with the new `pk_prod_...` key, and everything works the same way.
Multiple environments are available on the [Launch and Scale tiers](/pricing).
## Architecture
```
Your App (Next.js / React / Python)
└── AscendKit SDK
└── AscendKit Backend API
├── Auth (credentials, OAuth, magic link, waitlist)
├── Analytics (pageviews, attribution, identity stitching)
├── Email (templates, domain verification)
├── Surveys (NPS, CSAT, custom)
└── Journeys (lifecycle automation)
CLI / Portal
└── AscendKit Backend API (same)
```
The SDK runs inside your app and talks to the AscendKit backend. The CLI and portal configure that same backend. Your app code doesn't change when you toggle providers, update templates, or create surveys.
## AI-assisted integration
If you're using an AI coding assistant (Cursor, Copilot, Claude, ChatGPT, etc.), point it at the machine-readable docs:
- **[llms.txt](/docs/llms.txt)** — quickstart with code examples, plus links to each doc page. Best for most AI tools.
- **[llms-full.txt](/docs/llms-full.txt)** — all documentation in a single file. Use when your AI has a large context window or you want the complete reference.
---
# Installation
# Installation
## Prerequisites
- **Node.js** 18 or later (for CLI and JavaScript SDK)
- **Python** 3.10 or later (for Python SDK, if applicable)
## CLI
The CLI authenticates you, initializes projects, and configures all AscendKit services. Works on macOS, Linux, and Windows.
```bash
npm install -g @ascendkit/cli
```
Or run without installing:
```bash
npx @ascendkit/cli
```
### Verify installation
```bash
ascendkit --version
```
## Next.js SDK
For Next.js applications with full server-side auth, pre-built UI components, and analytics:
```bash
npm install @ascendkit/nextjs
```
> **Note**: The package is `@ascendkit/nextjs`. It has `next >= 14` and `react >= 18` as peer dependencies. The React hooks and components also work in other React frameworks (Vite, Remix, Astro), but the server-side auth runtime requires Next.js.
## Python SDK
For Python backends that need to verify access tokens or handle webhooks. Works with any framework (FastAPI, Flask, Django, etc.):
```bash
pip install ascendkit
```
## Environment variables
After running `ascendkit init` and `ascendkit set-env`, the CLI writes these into your `.env` / `.env.local` files automatically. You can also set them manually:
| Variable | Side | Required for | Description |
|----------|------|-------------|-------------|
| `ASCENDKIT_API_URL` | Server | All | AscendKit backend URL |
| `NEXT_PUBLIC_ASCENDKIT_API_URL` | Client | Next.js | Same URL, exposed to browser |
| `ASCENDKIT_ENV_KEY` | Server | All | Project public key (`pk_dev_...`) |
| `NEXT_PUBLIC_ASCENDKIT_ENV_KEY` | Client | Next.js | Same key, exposed to browser |
| `APP_URL` | Server | Auth redirects | Public URL where your app is hosted |
| `ASCENDKIT_SECRET_KEY` | Server | Analytics, admin | Secret key (never expose to client) |
| `ASCENDKIT_WEBHOOK_SECRET` | Server | Webhooks | Webhook signing secret (`whsec_...`) |
`APP_URL` should be your app's origin — `http://localhost:3000` for local development, or `https://app.yourdomain.com` for production. The SDK can infer the origin when blank, but setting it explicitly avoids "Invalid origin" errors with social login.
The `NEXT_PUBLIC_` prefixed variables are only needed for Next.js applications. Python backends only need `ASCENDKIT_ENV_KEY`, `ASCENDKIT_SECRET_KEY`, and `ASCENDKIT_WEBHOOK_SECRET`.
## Next steps
1. [Initialize the CLI](/docs/cli) in your project
2. [Integrate with your app](/docs/integration) (Next.js) or [set up your Python backend](/docs/python)
---
# Next.js Integration
# Next.js Integration
This guide covers the `@ascendkit/nextjs` SDK with Next.js 14+ (App Router). For Python backends, see [Python SDK](/docs/python). For other React frameworks, see [Other React Frameworks](#other-react-frameworks) at the bottom of this page.
## Auth setup
After [installing the SDK](/docs/install) and [initializing the CLI](/docs/cli), follow these four steps:
### 1. Create the auth runtime
```ts
// lib/auth.ts
import { createAscendKitAuthRuntime } from "@ascendkit/nextjs/server";
export const authRuntime = createAscendKitAuthRuntime();
```
The runtime reads `ASCENDKIT_ENV_KEY`, `ASCENDKIT_SECRET_KEY`, and `ASCENDKIT_API_URL` from your environment automatically. We recommend setting `APP_URL` in your env file to your app's origin (e.g., `http://localhost:3000` for local dev) — the SDK can infer it from requests, but an explicit value avoids "Invalid origin" errors with social login. If you prefer explicit configuration:
```ts
export const authRuntime = createAscendKitAuthRuntime({
publicKey: process.env.ASCENDKIT_ENV_KEY!,
});
```
#### Options
| Option | Type | Description |
|--------|------|-------------|
| `publicKey` | `string` | Environment public key (default: `ASCENDKIT_ENV_KEY` env var) |
| `secretKey` | `string` | Environment secret key (default: `ASCENDKIT_SECRET_KEY` env var) |
| `authSecret` | `string` | Better Auth session secret (default: `BETTER_AUTH_SECRET`, then `AUTH_SECRET`, then `ASCENDKIT_SECRET_KEY`) |
| `apiUrl` | `string` | AscendKit API URL (default: `ASCENDKIT_API_URL` or `https://api.ascendkit.dev`) |
| `appBaseUrl` | `string` | Public app origin used for auth callbacks and redirects |
| `allowedHosts` | `string[]` | Optional allowlist for dynamic callback host resolution |
| `trustedProxyHeaders` | `boolean` | Trust `x-forwarded-*` headers when deriving the request origin |
| `waitlistRedirectPath` | `string` | Redirect path for waitlisted users after social login (e.g. `"/waitlist"`) |
| `rejectedRedirectPath` | `string` | Redirect path for rejected users after social login (e.g. `"/rejected"`) |
Example with waitlist redirect:
```ts
export const authRuntime = createAscendKitAuthRuntime({
waitlistRedirectPath: "/waitlist",
rejectedRedirectPath: "/rejected",
});
```
If your app has a fixed public URL, configure it through AscendKit:
```ts
export const authRuntime = createAscendKitAuthRuntime({
appBaseUrl: process.env.APP_URL,
});
```
`APP_URL` should be the origin where your app is running — `http://localhost:3000` for local development, or `https://app.yourdomain.com` for production. You can leave it blank and let the SDK infer the origin from the request, but an explicit value is more reliable.
If you use preview deployments, allow dynamic hosts explicitly:
```ts
export const authRuntime = createAscendKitAuthRuntime({
allowedHosts: ["localhost:3000", "*.vercel.app", "app.example.com"],
});
```
When a user signs up via social login (Google, GitHub, etc.) and lands on the waitlist, they are redirected to `waitlistRedirectPath` instead of receiving a `?error=waitlist_pending` query param. The same applies to rejected users. If these options are not set, the default behavior appends `?error=waitlist_pending` or `?error=waitlist_rejected` to the callback URL.
### 2. Add the API route
```ts
// app/api/auth/[...all]/route.ts
import { authRuntime } from "@/lib/auth";
import { createAuthRouteHandlers } from "@ascendkit/nextjs/server";
export const { GET, POST } = createAuthRouteHandlers(authRuntime);
```
### 3. Add the provider
```tsx
// app/layout.tsx
import { AscendKitProvider } from "@ascendkit/nextjs";
export default function RootLayout({ children }: { children: React.ReactNode }) {
return (
{children}
);
}
```
The provider reads `NEXT_PUBLIC_ASCENDKIT_ENV_KEY` and `NEXT_PUBLIC_ASCENDKIT_API_URL` from the environment. If you prefer explicit configuration:
```tsx
```
### 4. Add sign-in and sign-up
`` already mounts a global auth modal for you — you don't need to render one yourself. You have three UX patterns to choose from. Pick the one that fits your app; you can mix them.
#### Which option should I use?
| Scenario | Recommended option |
|----------|-------------------|
| Marketing site or landing page — user clicks "Sign in" in the header and stays on the page | **Modal** — `` / `` (default `mode="modal"`) |
| Dedicated `/login` and `/signup` routes with the same styling everywhere | **Dedicated page (all-in-one)** — `` |
| Fully custom layouts or marketing content next to a login form | **Dedicated page (split)** — `` and `` |
| App with a custom nav button that should open auth without navigating | **Hook** — `useAuthModal()` |
| Gate protected content until the user signs in | Wrap with `` / `` and trigger the modal from the fallback |
#### Option A — Modal (no auth page needed)
Drop buttons anywhere in your layout. `AscendKitProvider` handles everything else.
```tsx
// app/layout.tsx (inside the provider)
import { SignInButton, SignUpButton, SignedIn, SignedOut, AscendKitUserButton } from "@ascendkit/nextjs";
```
Want to use your own button component? Pass `asChild`:
```tsx
import { Button } from "@/components/ui/button";
```
Need to open the modal programmatically (e.g. after a pricing CTA or analytics event)? Use the hook:
```tsx
import { useAuthModal } from "@ascendkit/nextjs";
function UpgradeCta() {
const { open } = useAuthModal();
return ;
}
```
#### Option B — Dedicated page with `AscendKitAuthCard`
Use this when you want a real `/login` route (e.g. for SEO, email deep links, or password managers). One component handles sign-in, sign-up, and forgot-password views.
```tsx
// app/login/page.tsx
import { AscendKitAuthCard } from "@ascendkit/nextjs";
export default function AuthPage() {
return ;
}
```
Pin a specific view if you have separate routes for sign-in and sign-up:
```tsx
// app/signup/page.tsx
```
Views: `"SIGN_IN"`, `"SIGN_UP"`, `"FORGOT_PASSWORD"`.
#### Option C — Separate `Login` / `SignUp` components
Use this when you want full control of each page (e.g. marketing copy beside the form, different layouts for sign-in vs sign-up).
```tsx
// app/login/page.tsx
import { Login } from "@ascendkit/nextjs";
export default function LoginPage() {
return (
{ window.location.href = "/dashboard"; }}
onSwitchToSignUp={() => { window.location.href = "/signup"; }}
onForgotPassword={() => { window.location.href = "/forgot-password"; }}
/>
);
}
```
```tsx
// app/signup/page.tsx
import { SignUp } from "@ascendkit/nextjs";
export default function SignUpPage() {
return (
{ window.location.href = "/dashboard"; }}
onSwitchToLogin={() => { window.location.href = "/login"; }}
/>
);
}
```
> **Heads up:** you don't need ``, ``, or `` if you're only using `SignInButton` / `SignUpButton` / `useAuthModal()` — the provider's built-in modal already renders the forms. Pick one pattern per route and stick with it.
## Components
All components render inside ``. Social buttons appear automatically when providers are enabled via the CLI or portal.
### Login / SignUp
| Prop | Type | Description |
|------|------|-------------|
| `onSuccess` | `() => void` | Called after success |
| `onError` | `(error: string) => void` | Called on failure |
| `callbackURL` | `string` | Redirect after social auth |
| `onSwitchToSignUp` | `() => void` | (Login) Show "Sign Up" link in footer |
| `onSwitchToLogin` | `() => void` | (SignUp) Show "Sign In" link in footer |
| `onForgotPassword` | `() => void` | (Login) Show "Forgot password?" link |
| `onBackToLogin` | `() => void` | (ForgotPassword) Show "Back to sign in" link |
### AscendKitAuthCard
Single component for all auth views. Use instead of separate Login/SignUp pages.
```tsx
import { AscendKitAuthCard } from "@ascendkit/nextjs";
```
Views: `"SIGN_IN"`, `"SIGN_UP"`, `"FORGOT_PASSWORD"`
### SocialButton
```tsx
import { SocialButton } from "@ascendkit/nextjs";
```
### AscendKitUserButton
User avatar with sign-out dropdown for your app header or sidebar.
```tsx
import { AscendKitUserButton } from "@ascendkit/nextjs";
```
Top nav:
```tsx
```
Expanded vertical nav:
```tsx
```
Collapsed vertical nav:
```tsx
```
### SignInButton / SignUpButton
Convenience buttons that open the auth modal or redirect to an auth page.
```tsx
import { SignInButton, SignUpButton } from "@ascendkit/nextjs";
```
| Prop | Type | Default | Description |
|------|------|---------|-------------|
| `mode` | `"modal" \| "redirect"` | `"modal"` | Open modal or redirect |
| `redirectUrl` | `string` | `"/auth/sign-in"` or `"/auth/sign-up"` | Path for redirect mode |
| `asChild` | `boolean` | `false` | Delegate rendering to child element |
| `children` | `ReactNode` | `"Sign in"` / `"Sign up"` | Button label |
#### Using `asChild` with your own components
When `asChild` is true, the button delegates its `onClick` handler to the child element instead of wrapping in its own `