Token Types
Authentication Flow
Authentication Flow
Let’s take a look at how you can complete SIWE validation and retrieve access tokens.1
Get SIWE Message to sign
Request a SIWE message by calling the endpoint with the wallet address in the path and required query parameters.See full specification: GET /auth/siwe/
Domain Whitelisting Required: We validate domains on our end for security. Your SIWE message must originate from a domain that has been pre-approved and whitelisted in our system. Contact our team to whitelist your domain before implementing authentication.
- Sandbox
- Production
2
Get Access and Refresh Token
Submit the signed SIWE message to verify authentication and receive your token pair. Send the wallet address, signature from the user’s wallet, and the original SIWE message to get both access and refresh tokens.See full specification: POST /auth/siwe
- Sandbox
- Production
3
Refresh Access Token
Exchange a valid refresh token for a new access token and rotated refresh token. This should be called automatically when your access token expires (every 15 minutes) or when you receive a 401 response.See full specification: POST /auth/refresh
- Sandbox
- Production
Token Rotation: Each refresh request invalidates the previous refresh token and issues a new one. Always store the new refresh token from the response for subsequent refresh requests.
Revoking access tokens
To securely log out a user, revoke their current session by invalidating all refresh tokens in the token family. See full specification: POST /auth/logout- Sandbox
- Production