api.stack-auth.com and api.hexclave.com) point at the same service, so each @stackframe/* package continues to work; staying on the legacy SDK requires no action.
This guide is for projects that want to migrate to @hexclave/* packages.
1. Install the new packages
Replace each@stackframe/* dependency with its @hexclave/* equivalent:
| Old package | New package |
|---|---|
@stackframe/stack | @hexclave/next |
@stackframe/react | @hexclave/react |
@stackframe/js | @hexclave/js |
@stackframe/* to @hexclave/*. The public API surface is identical, except that all Stack* references are renamed to Hexclave*:
Before
After
2. Update hardcoded references
Sweep your codebase and replace:https://api.stack-auth.com→https://api.hexclave.com
Optional changes
All legacy names keep working — rename only if you want your code to match the new brand.- Request headers:
X-Stack-*→X-Hexclave-*. - Environment variables:
STACK_*→HEXCLAVE_*. - Bearer prefix:
stackauth_*tokens remain valid. - CLI binary: both
stackandhexclaveship with@hexclave/cli. - Hosted-handler subdomain:
.built-with-stack-auth.comstill works.
Other
If your backend verifies Hexclave-issued JWTs directly (for example withjose.jwtVerify), update the expected iss claim — @hexclave/* SDKs sign tokens under the hexclave host:
Before
After
/api/v1/projects-anonymous-users/...) and restricted (/api/v1/projects-restricted-users/...) issuer variants.
You don’t need to update your OAuth provider callback URLs — your current api.stack-auth.com callback URLs keep working. However, if you recreate an OAuth provider on the dashboard, you’ll need to use the new callback URL: