🔑 Working with Access Tokens

You've logged your user in, you have their access token, what's next?

Using Access Tokens

Once you've successfully authenticated a wallet, you will have an access token. Until it expires, the access token acts as a secure guarantee of an authenticated wallet, without the need for additional user interactions.

This allows you to build and interact with APIs that restrict content based on a user's wallet address. On the client side, you can include a user's access token in API requests, and on the server side, you can validate any received access tokens to ensure the request came from a user who owns the wallet address.

1. Include the Access Token in API Requests

import Picket from "@picketapi/picket-js";
const picket = new Picket("YOUR_PUBLISHABLE_KEY_HERE");

// NOTE: This assumes the user is logged in
const { accessToken } = await picket.authState();

// Use an absolute HTTPS URL so the bearer token is only sent over TLS
await fetch("https://myapi.com", {
    method: "GET",
    headers: {
        // Use the access token as a bearer auth token
        Authorization: `Bearer ${accessToken}`
    }
});

2. Validate the Access Token Server-Side

Server-side libraries, like picket-node, require a secret API key and must only be used in a secure, server-side environment.

import Picket from "@picketapi/picket-node";

const picket = new Picket("YOUR_SECRET_KEY_HERE");

// REPLACE code to get access token from client request
const accessToken = "";

try {
    // validate() throws if the token is invalid
    const { walletAddress } = await picket.validate(accessToken);
    // save user's wallet address to the DB
} catch (err) {
    // Reject the request; do not log the token itself
    console.error("invalid access token!");
}
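
One way to fill in the "get access token from client request" step and fail closed around `picket.validate`, as an added example that is not Picket's own code. The helper names, the injected `validate` parameter, and the stub validator with its token and wallet values are assumptions constructed for illustration.

```javascript
// Added example: framework-agnostic bearer-token handling for the server side.
// `validate` is injected; in production pass (t) => picket.validate(t) from picket-node.

// Parse an Authorization header value; return the token or null.
function extractBearerToken(headerValue) {
    // A missing header, or a duplicated one delivered as an array, is rejected
    if (typeof headerValue !== "string") return null;
    // Exactly "Bearer <token>": one scheme, one space, one token without whitespace
    const match = /^Bearer ([^\s,]+)$/i.exec(headerValue.trim());
    return match ? match[1] : null;
}

// `headers` is a Node-style object with lower-cased header names.
// Returns { status, walletAddress? }. Fails closed: any error means 401.
async function authenticate(headers, validate) {
    const token = extractBearerToken(headers["authorization"]);
    if (token === null) return { status: 401 };
    try {
        const { walletAddress } = await validate(token);
        if (typeof walletAddress !== "string" || walletAddress === "") {
            return { status: 401 };
        }
        // Trust only the address returned by validation, never one sent by the client
        return { status: 200, walletAddress };
    } catch (err) {
        // Do not log the token itself; it is a credential until it expires
        return { status: 401 };
    }
}

// Constructed stand-in for picket.validate so the example runs offline
const CONSTRUCTED_TOKEN = "constructed.token.value";
async function stubValidate(token) {
    if (token !== CONSTRUCTED_TOKEN) throw new Error("invalid access token");
    return { walletAddress: "0xCONSTRUCTED_WALLET_ADDRESS" };
}

authenticate({ authorization: `Bearer ${CONSTRUCTED_TOKEN}` }, stubValidate)
    .then((result) => console.log(result));
```

Downstream handlers should take the wallet address only from the returned `walletAddress`, so a client cannot claim an address it did not authenticate.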

Server-Side SDKs

Picket is an API-first platform. You can always use our REST APIs server-side in any language or framework of your choice; however, we offer official Picket libraries for common languages.

Don't see your preferred language? Let us know at team@picketapi.com
