🔑
Working with Access Tokens
You've logged your user in, you have their access token, what's next?
Once you've successfully authenticated a wallet you will have an access token. An access token acts as a secure guarantee of an authenticated wallet until expiration without the need for additional user interactions.
This allows you to build and interact with APIs that restrict content based on a user's wallet address. On the client side, you can include a user's access token in API requests, and on the server side, you can validate any received access token to ensure the request came from a user who owns the wallet address.
Javascript

    import Picket from "@picketapi/picket-js";

    const picket = new Picket("YOUR_PUBLISHABLE_KEY_HERE");

    // NOTE: This assumes the user is logged in
    const { accessToken } = await picket.authState();

    // Use an absolute https:// URL so the bearer token is only sent over TLS
    await fetch("https://myapi.com", {
      method: "GET",
      headers: {
        // Use the access token as a bearer auth token
        Authorization: `Bearer ${accessToken}`
      }
    });

curl

    curl https://myapi.com -H "Authorization: Bearer ${ACCESS_TOKEN}"
Server-side libraries, like picket-node, require a secret API key and must only be used in a secure, server-side environment.

Node

    import Picket from "@picketapi/picket-node";

    const picket = new Picket("YOUR_SECRET_KEY_HERE");

    // REPLACE code to get access token from client request
    const accessToken = "";

    try {
      // A rejected promise here means the token did not validate
      const { walletAddress } = await picket.validate(accessToken);
      // save user's wallet address to the DB
    } catch (err) {
      console.error("invalid access token!");
    }

Picket is an API-first platform. You can always use our REST APIs server-side in any language or framework of your choice; however, we offer official Picket libraries for common languages.
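
One way to fill in the "get access token from client request" step on the server, as an added example that is not Picket's own code: strict parsing of the Authorization header followed by validation that fails closed. `extractBearerToken`, `authenticate` and the stub `fakeValidate` are hypothetical names; in a real handler, pass `(t) => picket.validate(t)` from picket-node as `validate`.

```javascript
// Bearer credential syntax from RFC 6750 section 2.1 (b64token).
// The scheme name is matched case-insensitively.
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

// Returns the token string, or null if the header is missing or malformed.
function extractBearerToken(headerValue) {
  if (typeof headerValue !== "string") return null;
  const match = BEARER_RE.exec(headerValue.trim());
  return match ? match[1] : null;
}

// `headers` is a Node-style header object (names lowercased).
// `validate` is an async function that resolves to { walletAddress }
// or rejects, which is the shape picket.validate has on this page.
async function authenticate(headers, validate) {
  const token = extractBearerToken(headers.authorization);
  if (token === null) {
    return { status: 401, error: "missing or malformed Authorization header" };
  }
  try {
    const { walletAddress } = await validate(token);
    if (typeof walletAddress !== "string" || walletAddress === "") {
      return { status: 401, error: "invalid access token" };
    }
    // Trust only the address returned by validation, never an address
    // the client sends in the body or query string.
    return { status: 200, walletAddress };
  } catch (err) {
    // Fail closed: any validation error means the request is unauthenticated.
    return { status: 401, error: "invalid access token" };
  }
}

// Constructed stand-in for picket.validate so the example runs offline.
// The token and wallet address below are made-up sample values.
async function fakeValidate(token) {
  if (token !== "constructed.sample.token") throw new Error("invalid token");
  return { walletAddress: "0xSAMPLE_WALLET_ADDRESS" };
}
```
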
Last modified 1yr ago