denyAccess

Last updated: 30. May 2026

API only function

Stops execution of the current API request and returns an HTTP 401 Login Required response to the caller. Use it in #/API/ endpoints to block requests that are missing a valid request.Jwt or that lack the required role. Because hash templates are static and cached, denyAccess() belongs in API/JS files — never in .hash templates.

See also: writeJwt, deleteJwt, logOut, flagActivity, getProfilePictureUrl, Custom JWT login example

Parameters

This function takes no parameters.

Returns

A login required error result with HTTP code 401.

Example

Code example (JS)

JS is normal JavaScript, running either in the browser or on the Docly™ server.
// #/API/secret-data.js — a protected API endpoint
export default () => {

    // Block users who are not logged in
    if (!request.Jwt) {
        return docly.denyAccess();
    }

    // Block users who don't have the required role
    if (request.Jwt.access !== "admin") {
        return docly.denyAccess();
    }

    // Authorized — return the protected payload
    return {
        secret: "Only admins see this"
    };
}

// denyAccess() exits the request immediately with HTTP 401.
// See writeJwt() for issuing the JWT cookie that populates request.Jwt.
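
A fail-closed variant of the role check above, as an added example that is not part of the Docly documentation: the handler runs only when request.Jwt.access is an exact string match for an allowed role, and every other shape of request is denied. The names requireRole, makeFakeDocly and runSamples are hypothetical, and request and docly are passed in as arguments (with a constructed stand-in for docly) so the guard can be run offline.

```javascript
// Constructed stand-in for the Docly runtime so the guard runs offline.
// Assumption: it only mimics denyAccess() by returning a marker object.
function makeFakeDocly() {
    return {
        denyAccess() {
            return { denied: true, status: 401 };
        }
    };
}

// Hypothetical helper: wrap a handler so it runs only for allowed roles.
// Anything that is not an explicit match ends in docly.denyAccess().
function requireRole(allowedRoles, handler) {
    const allowed = new Set(allowedRoles);
    return (request, docly) => {
        const jwt = request ? request.Jwt : null;
        // Missing or malformed JWT: treat as not logged in
        if (!jwt || typeof jwt !== "object") return docly.denyAccess();
        // The claim must be a string; undefined, arrays and numbers are denied
        if (typeof jwt.access !== "string") return docly.denyAccess();
        // Exact, case-sensitive match against the allow-list
        if (!allowed.has(jwt.access)) return docly.denyAccess();
        return handler(request);
    };
}

// Same protected payload as the page's example, behind the guard
const secretData = requireRole(["admin"], () => ({
    secret: "Only admins see this"
}));

// Constructed sample requests covering the edge cases
function runSamples() {
    const samples = [
        {},                              // no JWT at all
        { Jwt: {} },                     // JWT without an access claim
        { Jwt: { access: "user" } },     // logged in, wrong role
        { Jwt: { access: "Admin" } },    // role differs only in case
        { Jwt: { access: ["admin"] } },  // claim has the wrong type
        { Jwt: { access: "admin" } }     // authorized
    ];
    return samples.map((req) => {
        const result = secretData(req, makeFakeDocly());
        return result.denied === true ? 401 : 200;
    });
}
```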