search

πŸ”‘Working with Access Tokens

You've logged your user in, you have their access token, what's next?

hashtag
Using Access Tokens

Once you've successfully authenticated a wallet you will have an access token. An access token acts as a secure guarantee of an authenticated wallet until expiration without the need for additional user interactions.

This allows you build and interact with APIs that restrict content based on a user's wallet address. On the client-side, you can include a user's access token API requests, and server-side, you can validate any received access tokens to ensure the request came from a user who owns the wallet address.

hashtag
1. Include the Access Token in API Requests

import Picket from "@picketapi/picket-js";
const picket = new Picket("YOUR_PUBLISHABLE_KEY_HERE");

// NOTE: This assumes the user is logged in
const { accessToken } = await picket.authState();

await fetch("myapi.com", {
    method: "GET",
    headers: {
        // Use the access token as a bearer auth token
        Authorization: `Bearer ${accessToken}`
    }
});

hashtag
2. Validate the Access Token Server-Side

circle-exclamation

Server-side libraries, like picket-node, require a secret API key and must only be used in a secure, server-side environment.

hashtag
Server-Side SDKs

Picket is an API-first platform. You can always use our REST APIs server-side in any language or framework of your choice; however, we offer official Picket libraries for common languages.

Node.js Library - picket-nodechevron-rightGo Library - picket-gochevron-rightPython Library - picket-pythonchevron-right

Don't see your preferred language? Let us know at [email protected]envelope

PreviousRestrict Access to Specific WalletsNextConcepts

Last updated