Picket Docs

Working with Access Tokens

You've logged your user in, you have their access token, what's next?

Using Access Tokens

Once you've successfully authenticated a wallet, you will have an access token. Until it expires, the access token acts as a secure guarantee of an authenticated wallet, with no need for additional user interactions.
This allows you to build and interact with APIs that restrict content based on a user's wallet address. On the client side, you can include a user's access token in API requests, and on the server side, you can validate any received access token to ensure the request came from a user who owns the wallet address.

1. Include the Access Token in API Requests

    import Picket from "@picketapi/picket-js";

    const picket = new Picket("YOUR_PUBLISHABLE_KEY_HERE");

    // NOTE: This assumes the user is logged in
    const { accessToken } = await picket.authState();

    // Use an absolute https:// URL: a bearer token is usable by anyone who captures it
    await fetch("https://myapi.com", {
      method: "GET",
      headers: {
        // Use the access token as a bearer auth token
        Authorization: `Bearer ${accessToken}`,
      },
    });

The same request with cURL:

    curl https://myapi.com -H "Authorization: Bearer ${ACCESS_TOKEN}"

2. Validate the Access Token Server-Side

Server-side libraries, like picket-node, require a secret API key and must only be used in a secure, server-side environment.

    import Picket from "@picketapi/picket-node";

    const picket = new Picket("YOUR_SECRET_KEY_HERE");

    // REPLACE code to get access token from client request
    const accessToken = "";

    try {
      // validate() throws if the token is invalid
      const { walletAddress } = await picket.validate(accessToken);
      // save user's wallet address to the DB
    } catch (err) {
      // Reject the request here; do not fall through to protected logic
      console.error("invalid access token!");
    }
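
One way to wire the two steps above into a request handler, as an added example that is not Picket's own code: it parses the `Authorization` header strictly, validates the token, and separates "not authenticated" (401) from "authenticated as the wrong wallet" (403). The names `bearerToken`, `authorizeRequest`, `demoValidate` and `ownerAddress` are hypothetical; in production, pass `(t) => picket.validate(t)` as `validate`.

```javascript
// Added example: bearer-token authentication plus a wallet-ownership check.
// Hypothetical names: bearerToken, authorizeRequest, demoValidate, ownerAddress.

// Return the token from an Authorization header, or null unless the header is
// exactly "Bearer <token>" (RFC 6750 token characters, no extra fields).
function bearerToken(header) {
  if (typeof header !== "string") return null;
  const match = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header.trim());
  return match ? match[1] : null;
}

// `validate` is injected; in production pass (t) => picket.validate(t).
// Assumes `ownerAddress` is stored in the same form validate() returns.
async function authorizeRequest(headers, validate, ownerAddress) {
  const token = bearerToken(headers.authorization);
  if (!token) return { status: 401, error: "missing or malformed bearer token" };

  let walletAddress;
  try {
    ({ walletAddress } = await validate(token));
  } catch (err) {
    // Fail closed, and keep the token and error details out of the response.
    return { status: 401, error: "invalid access token" };
  }
  if (typeof walletAddress !== "string" || walletAddress === "") {
    return { status: 401, error: "invalid access token" };
  }
  // Authenticated, but only the owning wallet may access the resource.
  if (walletAddress !== ownerAddress) {
    return { status: 403, error: "wallet does not own this resource" };
  }
  return { status: 200, walletAddress };
}

// Constructed stand-in for picket.validate so the example runs offline.
async function demoValidate(token) {
  if (token !== "demo.token") throw new Error("invalid token");
  return { walletAddress: "0xDEMO_WALLET" };
}
```

The result object is framework-agnostic: map `status` and `error` onto whatever response type your server uses, and read the header from the lower-cased `authorization` key as Node's HTTP server exposes it.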

Server-Side SDKs

Picket is an API-first platform. You can always use our REST APIs server-side in any language or framework of your choice; however, we offer official Picket libraries for common languages.
Don't see your preferred language? Let us know at [email protected]