diff --git a/docs/src/usage/nodejs.md b/docs/src/usage/nodejs.md
index 1118a16..f8948c2 100644
--- a/docs/src/usage/nodejs.md
+++ b/docs/src/usage/nodejs.md
@@ -42,31 +42,32 @@ const root = new KeyPair();
 ## Create a token
 
 ```javascript
-const { biscuit, KeyPair } = require('@biscuit-auth/biscuit-wasm');
+const { biscuit, PrivateKey } = require('@biscuit-auth/biscuit-wasm');
 
-const root = new KeyPair();
 const userId = "1234";
 // a token can be created from a datalog snippet
-const biscuitBuilder = biscuit`
+const builder = biscuit`
   user(${userId});
   check if resource("file1");
 `;
 
 // facts, checks and rules can be added one by one on an existing builder.
 for (let right of ["read", "write"]) {
-    biscuitBuilder.addFact(fact`right(${right})`);
+    builder.addFact(fact`right(${right})`);
 }
 
-const token = builder.build(root);
+const privateKey = PrivateKey.fromString("<private key>");
+const token = builder.build(privateKey);
 console.log(token.toBase64());
 ```
 
 ## Authorize a token
 
 ```javascript
-const { authorizer, Biscuit } = require('@biscuit-auth/biscuit-wasm');
+const { authorizer, Biscuit, PublicKey } = require('@biscuit-auth/biscuit-wasm');
 
-const token = Biscuit.fromBase64("<base64 string>");
+const publicKey = PublicKey.fromString("<public key>");
+const token = Biscuit.fromBase64("<base64 string>", publicKey);
 
 const userId = "1234";
 const auth = authorizer`
@@ -91,9 +92,10 @@ const acceptedPolicyCustomLimits = authorizer.authorizeWithLimits({
 ## Attenuate a token
 
 ```javascript
-const { block, Biscuit } = require('@biscuit-auth/biscuit-wasm');
+const { block, Biscuit, PublicKey } = require('@biscuit-auth/biscuit-wasm');
 
-const token = Biscuit.fromBase64("<base64 string>");
+const publicKey = PublicKey.fromString("<public key>");
+const token = Biscuit.fromBase64("<base64 string>", publicKey);
 
 // restrict to read only
 const attenuatedToken = token.append(block`check if operation("read")`);
@@ -105,9 +107,10 @@ console.log(attenuatedToken.toBase64());
 A sealed token cannot be attenuated further.
 
 ```javascript
-const { Biscuit } = require('@biscuit-auth/biscuit-wasm');
+const { Biscuit, PublicKey } = require('@biscuit-auth/biscuit-wasm');
 
-const token = Biscuit.fromBase64("<base64 string>");
+const publicKey = PublicKey.fromString("<public key>");
+const token = Biscuit.fromBase64("<base64 string>", publicKey);
 
 const sealedToken = token.sealToken();
 ```
@@ -116,9 +119,10 @@ const sealedToken = token.sealToken();
 
 
 ```javascript
-const { Biscuit } = require('@biscuit-auth/biscuit-wasm');
+const { Biscuit, PublicKey } = require('@biscuit-auth/biscuit-wasm');
 
-const token = Biscuit.fromBase64("<base64 string>");
+const publicKey = PublicKey.fromString("<public key>");
+const token = Biscuit.fromBase64("<base64 string>", publicKey);
 
 // revocationIds is a list of hex-encoded revocation identifiers,
 // one per block
@@ -133,9 +137,10 @@ if (containsRevokedIds(revocationIds)) {
 ## Query data from the authorizer
 
 ```javascript
-const { authorizer, rule, Biscuit } = require('@biscuit-auth/biscuit-wasm');
+const { authorizer, rule, Biscuit, PublicKey } = require('@biscuit-auth/biscuit-wasm');
 
-const token = Biscuit.fromBase64("<base64 string>");
+const publicKey = PublicKey.fromString("<public key>");
+const token = Biscuit.fromBase64("<base64 string>", publicKey);
 
 const userId = "1234";
 const auth = authorizer`