const jwt = require("jsonwebtoken");

const config = process.env;

const verifyToken = (req, res, next) => {
  const token =
    req.body.token || req.query.token || req.headers["x-access-token"];

  if (!token) {
    return res.status(403).send("A token is required for authentication");
  }

  try {
    req.user = jwt.verify(token, config.TOKEN_KEY);
  } catch (err) {
    return res.status(401).send("Invalid Token");
  }

  return next();
};

module.exports = verifyToken;

FAQs

Get Your Questions Answered

Basics

What is Split?

Split is the feature delivery platform that pairs the speed and reliability of feature flags with data to measure the impact of every feature. With Split, organizations have a secure way to release features, target them to customers, and measure the impact of features on their customer experience metrics.

Why use Split?

Reduce risk and speed up development with feature flags targeted to granular customer segments, instrumented to maintain service level objectives, and secured by approval flows. Split automatically calculates impact from the moment a feature goes live, combining feature flags with your existing data pipelines. Easily test new ideas, turning any feature into a statistically rigorous controlled experiment. Build on Split’s enterprise-grade platform that prioritizes data privacy, ensures fault tolerance, and always keeps features in sync.

What are the components of the Split platform?

Key components of the Split platform include:

Feature Flags
Open source SDKs
Management Console
Data Ingestion & Export
Monitoring & Alerting
Experimentation & Impact Analysis
Enterprise Security
Workflow Integrations

What are feature flags?

Feature flags (aka toggles, flips, gates, or switches) are a software delivery concept that separates feature release from code deployment. In plain terms, it’s a way to deploy a piece of code in production while restricting access — through configuration — to only a subset of users. They offer a powerful way to turn code ideas into immediate outcomes, without breaking anything in the meantime.

Is Split open source?

As a service, no. Split is a paid, commercial, subscription service. Our SDKs are open source, allowing anyone to kick the tires and see how we decide how features are shown.

Who should use Split?

Split is deployed by engineering and product teams in organizations that want:

Frictionless product delivery, access to real-time insights on product and operational metrics, and customer experience optimization to help them unlock new revenue opportunities and stay ahead of the competition.
To rapidly turn ideas into products, measure every outcome, and deliver superior customer experiences.

What does it take to install Split?

Installing the Split SDK is incredibly easy – it’s basically a simple copy-and-paste, add the Split SDK dependency to the package manager of your choice and start using it! Visit our installation documentation to see how it works in the language of your app.

How can I use Split to create targeted releases?

Split lets you group your users into segments that can then be targeted with releases. The attributes that make up these segments are up to you, and can be drawn directly from your database or, in the case of a percentage rollout, chosen at random. Learn more about creating segments in our segments documentation.

What is a ‘feature’ in Split?

A ‘feature’ is basically any bit of code, front-end or backend, that you can wrap in an if-else statement (the Split feature flag). Features can be as big or small as you’d like them to be, from an entirely new version of the app, to a single backend service change, to a button on a web page.

What environments can I use Split in?

Split supports multiple environments for teams to work in. You features exist across these environments to ensure consistency. User permissions can also be managed across environments, letting anyone control features on staging but only admins manage production, for instance.

Does Split work with any existing tools?

We want to help teams deliver the best code as fast as possible. To help with that, we’ve integrations into a ton of services and support many additional community-driven integrations. Check out our Integration Overview.

What languages does Split support?

Split currently works with Java, JavaScript, .Net, Node.js, PHP, Python, Redux, React, Ruby, Ruby on Rails, iOS and GoLang. We’re always working on new languages. In addition, Split provides a generic SDK wrapped with a REST API endpoint called the Split Evaluator to support any code, in any language, front-end or back-end.

Does Split have an API?

Yes, the Split API provides programmatic access to the complete surface area of Split functionality, including configuration of splits, environments, traffic types, segments or customer identities. The Split API enables you to do things like configure Split experiments directly from Slack or your own internal admin console, or automatically from your monitoring tools. Ultimately, it powers feature experimentation from the tools you use today. You can read more in our API documentation.

What happens to my app if Split goes down?

Split lives post-deployment, within your application. Feature flag definitions are stored on your machines and are evaluated locally, so if that connection is ever severed – whether that’s Split going down, your app losing connection to the internet, or something else – your app will continue to serve the last known state of the flag. To mitigate against downtime, Split is connected to a dual-layered globally distributed CDN—Fastly and is highly redundant. How well do we work with Fastly? We wrote the open source Java API wrapper they currently recommend using.

How does Split handle global traffic?

Split offers a proxy solution that can be deployed wherever an app is hosted, to handle traffic locally anywhere in the world.

Security

What are Split’s security practices?

Split leverages industry-standard security practices and never requires user – identifiable data to be sent to Split servers, approaching security from these six vectors:

Access Security: Two-factor authentication, JWT Tokens, SAML-based account provisioning, role-based access controls and detailed audit logs enable customers to define the access level of each of their teammates.
Data Privacy: Pushing complex user targeting to an on-premise software development kit ensures that Split will help organizations target experiences to their customers while securing customer information and data.
Product Security: Secure development practices govern the release of each change to the Split platform. In addition, Split regularly undergoes rigorous third-party security auditing by Gotham Digital Science and has achieved OWASP-10 certification. We have also added SOC 2 Type 2 compliance certification to our Intelligent Security Framework.
Infrastructure Security: Infrastructure penetration testing, limited access to production systems by only trained professionals, and periodic backups secure Split’s infrastructure against threats.
Compliance: By not requiring user data to be sent outside your network, Split brings targeted feature rollout to compliance-sensitive companies.

To learn more about the Split’s enterprise security practices, read the Primer.

Does Split see my user’s data?

By default, Split does not see any user-identifiable data. Split does log anonymized impression data for each user experiencing a feature, giving you insight into how many times your feature was seen by your users

Create Impact With Everything You Build

We’re excited to accompany you on your journey as you build faster, release safer, and launch impactful products.

Free Account Contact Us

Search site

Why Split

Products

Feature Delivery & Control

Feature Measurement & Learning

Enterprise Readiness

Related Links

Use Cases

By Need

By Industry

Resources

Developer Resources

Content Hub

Success