Getting user data on the Frontend

To access user data in your frontend application, use the hanko.getUser() method from the hanko-frontend-sdk (also available via hanko-elements). To extract user claims from the JWT token, use the hanko.validateSession() function. 
"use client";

import { Hanko } from "@teamhanko/hanko-elements";

const hankoApi = <YOUR_HANKO_API_URL>;
const hanko = new Hanko(hankoApi);

// Fetches the current user's profile information
const user = await hanko.getUser();
console.log("User profile:", user);
// Example output:
// {
//   user_id: "123e4567-e89b-12d3-a456-426614174000",
//   emails: [{ address: "user@example.com", is_primary: true, is_verified: true }],
//   username: { id: "f2882293-3c39-451d-a7cb-4cf3375e0c66", username: "johndoe" },
//   created_at: "2025-01-01T10:00:00Z",
//   updated_at: "2025-04-01T12:00:00Z"
// }

// Checks the validity of the current session and returns the user claims
const sessionStatus = await hanko.validateSession();
console.log("Session status:", sessionStatus);
// Example output:
// {
//   is_valid: true,
//   claims: {
//     subject: "123e4567-e89b-12d3-a456-426614174000",
//     session_id: "789abc",
//     expiration: "2025-04-25T12:00:00Z",
//     email: { address: "user@example.com", is_primary: true, is_verified: true },
//     custom_field: "value"
//   }
// }

Getting user data on the Backend

Getting user ID from the JWT

After successful authentication, the Hanko API returns a cookie containing a JWT token. This cookie is automatically sent to your backend with each subsequent request. You can extract the user ID from this JWT using the jose library: 
import { cookies } from "next/headers";
import * as jose from "jose";

export async function userId() {
  const token = cookies().get("hanko")?.value;
  const payload = jose.decodeJwt(token ?? "");

  const userID = payload.sub;
  return userID;
}

Getting email from the JWT

Beyond the user ID, you can also extract the current email address from the JWT, including its verification status and primary email designation. 
import { cookies } from "next/headers";
import * as jose from "jose";

export async function emailData() {
  const token = cookies().get("hanko")?.value;
  const payload = jose.decodeJwt(token ?? "");

  /* email object looks like:
  {
    address: 'team@hanko.io
    is_primary: true
    is_verified: true
  }
   */
  const emailData = payload.email;
  return emailData;
}
You can refer to the User Metadata guide for details on managing user metadata included in the JWT payload. For information on customizing session tokens with metadata, see the Session Token Customization guide.

Get user data using the Hanko Admin API

The Hanko Admin API provides comprehensive access to user status, management capabilities, metrics, and more. This example focuses on retrieving data for a specific user. To fetch data for a specific user, make a request to the /users/{id} endpoint of the Hanko Admin API, where id is the user ID obtained from the JWT.
The Hanko Admin API is available in Hanko Pro and Enterprise plans. Check out our pricing page for more information.You also need an API key secret to access the Hanko Admin API which can be generated under the Settings > API Keys section of your project.
const getUserData = async () => {
  const adminAPI = process.env.ADMIN_API;
  const adminSecret = process.env.ADMIN_SECRET;
  const options = {
    method: "GET",
    headers: {
      Authorization: `Bearer ${adminSecret}`,
    },
  };

  const response = await fetch(`${adminAPI}/users/${userID}`, options);

  return response.json();
};

const userData = await getUserData();
console.log("user data:", userData);