Auth

Authentication

Refresh Access Token

post

Refreshes the access token by the refresh token.

Body
refreshTokenstringRequired

JWT

Example: eyJhbGciOiJIUzI...Qedy-rosPJLzs3jArh6Vc
Responses
200

Ok

application/json
post
/auth/v1/refresh
200

Ok

Sign Up

Create Account

post

Creates new account and register the current device's key as the initial user key. This involves deploying the account on the chain you've specified.

Body
methodstring · enumRequired

The login channel the user is currently signing in/up.

Example: firebasePossible values:
tokenstringRequired

The access token / ID token / redirect code retrieved as a result of OAuth 2.0 Sign In. Server uses it to call the OAuth provider to verify that the client correctly finished OAuth flow, and fetches users' basic profile information such as email.

Its value differs by channel:

  • For apple, it's the ID token returned after finishing the SIWA process from the client.
  • For firebase, it's the redirect code from OAuth2 Redirect URI.
Example: eyJhbGciOiJIUzI...Qedy-rosPJLzs3jArh6Vc
chainNamestring · enumRequiredPossible values:
userKeyany ofRequired

The user key (usually device key / PassKey) created from the client SDK. Used as one of initial multi-sig keys for creating an account.

or
or
Responses
post
/auth/v1/signup
201Success

Sign In (with 2FA)

Sign In with 2FA

post

Sign in with two-factor authentication from other device. This is required when the user is trying to sign on the new device.

Body
Responses
200

Ok

application/json
post
/auth/v1/signin/2fa
200

Ok

Finish Sign In with 2FA

post

Finish sign in after the user authorized the request on the other device. This API will return the API credentials and account information.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Body
twoFactorAuthRequestIdstringRequired

The latest 2FA request ID.

Example: deadbeef-dead-beef-dead-beefdeadbeef
Responses
200

Ok

application/json
post
/auth/v1/signin/2fa/finish
200

Ok

Sign In (with Challenge)

Starts SignIn Challenge

post

Starts SignIn Challenge. This is required when the user is trying to sign in from the device already registered. The client should request with the public key of the device. If it's not registered, it will raise HTTP 400 with PleaseRegisterKey error.

Issues a random 32-byte challengeData to the client. The client should respond by signing the data with the device's key, within 5 minutes.

The challenge type should be specified with either passKey or deviceKey.

Body
challengeTypestring · enumRequiredPossible values:
publicKeystringRequired

The public key of the PassKey in client-side. Should be 64-byte hex string concatenated with [x: 32byte, y: 32byte].

Responses
200

Ok

application/json
post
/auth/v1/signin/challenge
200

Ok

Finish SignIn Challenge

post

Finishes sign in challenge. The client should provide the signature of the challengeData issued by the server. If valid, it will return the API credentials and account information.

Body
challengeTypestring · enumRequiredPossible values:
challengeDatastringRequired
Responses
200

Ok

application/json
post
/auth/v1/signin/challenge/respond
200

Ok

Recover Account

post

Request to recover the account.

Responses
post
/auth/v1/recover
204

No content

No content
PreviousAccountNextDevice

Last updated

Was this helpful?