Picket Docs
Search…
πŸ”
Wallet Login
A guide to start authenticating wallets in minutes.

Get your API Key

An API key is required to authorize your requests when interacting with the Picket API. Requests without an API key will result in an error.
To get your API key, go to the account dashboard. API keys are associated with projects to make key management easy.
Within each project there are two types of API keys
  • Publishable keys: These keys are used client-side and are meant for client-side libraries, like picket-js.
  • Secret keys: As the name suggests, these must be kept secret. They are meant for server-side libraries, like picket-node​
Authorization to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username. You do not need to provide a password. When using Picket SDKs, API Authorization is handled for you.
Javascript
Curl
import Picket from "@picketapi/picket-js";
const picket = new Picket('YOUR_PUBLISHABLE_KEY_HERE');
curl https://picketapi.com/v1/{any_endpoint}
-u YOUR_SECRET_KEY

Install the Picket SDK

The best way to interact with our API is to use one of our official libraries.
As a first step after ensuring you have your API keys, install one of the picket libraries for the easiest integration. Type the following into your command line
Javascript
React
Node
# Install via NPM
npm install --save "@picketapi/picket-js"
# Install via NPM
npm install --save "@picketapi/picket-react"
# Install via NPM
npm install --save "@picketapi/picket-node"
Want to use Picket with other web-frameworks? Let us know at [email protected]

Wallet Authentication

The easiest way to authenticate a wallet is with one of our client libraries. Simply call the login() method and everything will be handled for you. A successful wallet authentication will return an access token.
Take a look at how you can initiate the authentication flow by using our official libraries, or via curl:
Javascript
React
curl
import Picket from "@picketapi/picket-js";
const picket = new Picket('YOUR_PUBLISHABLE_KEY_HERE');
const { accessToken, user } = await picket.login({ chain: "ethereum" });
​
console.log(user);//Logs the user object for your inspection.
import { PicketProvider, usePicket } from "@picketapi/picket-react";
​
function MyApp({ children }) {
return (
<PicketProvider apiKey="YOUR_PUBLISHABLE_KEY_HERE">
{children}
</PicketProvider>
);
}
​
// set this to the chain you want to authenticate users for
// if the chain parameters is omitted, it will default to the ethereum mainnet
const chain = "ethereum"; // "solana"
​
function MySecurePage() {
const {
isAuthenticating,
isAuthenticated,
authState,
logout,
login
} = usePicket();
// user is logging in
if (isAuthenticating) return "Loading";
​
// user is not logged in
if (!isAuthenticated) {
return (
<div>
<p>You are not logged in!</p>
<button onClick={() => login({ chain })}>
Login with Wallet
</button>
</div>
)
}
​
// user is logged in πŸŽ‰
const { user } = authState;
const { walletAddress } = user;
return (
<div>
<p>You are logged in as {walletAddress} </p>
<button onClick={() => logout()}>Logout</button>
</div>
)
}
curl https://picketapi.com/api/v1/auth \
-X POST \
-u PROJECT_SECRET_KEY \
-H 'Content-Type: application/json' \
-d '{
"walletAddress": "0xWALLET_ADDRESS",
"signature": "SUPER_SECRET_SIGNATURE"
}'
To authenticate users on other blockchains, simply change out the chain parameter within the picket.login() call from "ethereum" to whichever chain you want to authenticate users on. To see which other chains you can choose to authenticate users on, check out our supported blockchains.
You successfully authenticated a user!
The user has proven ownership of their wallet.
You can now also use the access token in future requests to your backend to verify wallet ownership without requiring any future user interaction (until token expiration).
To validate the token from your backend you can call /auth/validate with the accessToken in the body of the request.
Good to know: The login() method can be used to both authenticate wallets and verify token ownership for token gating.
  • To verify ownership, simply include a contract address and minimum balance as parameters.
  • To only authenticate the wallet, call the method with no parameters.

Using Access Tokens

Once you've successfully authenticated a wallet you will have an access token. An access token acts as a secure guarantee of an authenticated wallet until expiration without the need for additional user interactions.
This allows you build and interact with APIs that restrict content based on a user's wallet address. On the client-side, you can include a user's access token API requests, and server-side, you can validate any received access tokens to ensure the request came from a user who owns the wallet address.

1. Include the Access Token in API Requests

Javascript
curl
import Picket from "@picketapi/picket-js";
const picket = new Picket("YOUR_PUBLISHABLE_KEY_HERE");
​
// NOTE: This assumes the user is logged in
const { accessToken } = await picket.authState();
​
await fetch("myapi.com", {
method: "GET",
headers: {
// Use the access token as a bearer auth token
Authorization: `Bearer ${accessToken}`
}
});
curl myapi.com -H "Authorization: Bearer ${ACCESS_TOKEN}"

2. Validate the Access Token Server-Side

Server-side libraries, like picket-node, require a secret API key and must only be used in a secure, server-side environment.
Node
Curl
import Picket from "@picketapi/picket-node";
​
const picket = new Picket("sk_demo123");
​
// REPLACE code to get access token from client request
const accessToken = "";
​
try {
const { walletAddress } = await picket.validate(accessToken);
// save user's wallet address to the DB
} catch (err) {
console.error("invalid access token!");
}
​
curl https://picketapi.com/api/v1/auth/validate \
-X POST \
-u PROJECT_SECRET_KEY \
-H 'Content-Type: application/json' \
-d '{ "accesssToken": ${ACCESS_TOKEN} }'
​

Using Authenticated Wallets for On Chain Interactions

(Optional) Obtaining a Provider for Future On Chain Interactions
The above example verifies that the user owns their wallet and provides you with a JWT to repeatedly validate without further user interaction. If your app needs to use the users wallet for any other on chain interactions, you can optionally connect the users wallet to your site. Simply add picket.connect() before you call which returns a reference to a provider that can be used for further on-chain operations via your web3 library of choice.
import Picket from "@picketapi/picket-js"
const picket = new Picket('YOUR_PUBLISHABLE_KEY_HERE')
import { ethers } from "ethers";
​
​
const { walletAddress, signature, provider } = await picket.connect();
const { accessToken } = await picket.login({ walletAddressess, signature });
​
// use provider for other on-chain operation
const wallet = new ethers.providers.Web3Provider(provider);
const signer = wallet.getSigner();
const balance = await signer.getBalance();
Copy link
On this page
Get your API Key
Install the Picket SDK
Wallet Authentication
Using Access Tokens
Using Authenticated Wallets for On Chain Interactions