Picket Docs

Go Library - picket-go

The official Go library for the Picket API


The official Picket API Go library. View it on Github.


go get -u github.com/picketapi/picket-go

Usage - Quick Start

Use the picketapi.NewClient to create the Picket API client. It takes a secret API key as a parameter.
import (
picketapi "github.com/picketapi/picket-go"
picket := picketapi.NewClient("YOUR_SECRET_API_KEY")


A nonce is random value generated by the Picket API to that user must sign to prove ownership a wallet address. The nonce function can be used to implement your own wallet authentication flow.
A nonce is unique to a project and wallet address. If a nonce doesn't exist for the project and wallet address, Picket will generate a new nonce; otherwise, Picket will return the existing nonce. A nonce is valid for two minutes before self-destructing.
resp, err := picket.Nonce(picketapi.NonceArgs{
Chain: "solana",
WalletAddress: "wAllEtadDresS",
fmt.Printf("received nonce: %s", resp.Nonce)


auth is the server-side equivalent of login. auth should only be used in a trusted server environment. The most common use-case for auth is linking a wallet to an existing application account.
resp, err := picket.Auth(picketapi.AuthArgs{
Chain: "ethereum",
WalletAddress: "0x1234567890",
Signature: "abcdefghijklmnop",
fmt.Printf("received access token: %s", resp.AccessToken)

Authz (Authorize)

Incremental Authorization (Authz)
To understand the use-cases for using authz over auth, read about Incremental Authorization​
authz stands for authorization. Unlike Auth, which handles both authentication and authorization, Authz only handles authorization. Given an authenticated user's access token and authorization requirements, authz will issue a new access token on success (user is authorized) or, on failure, it will return a 4xx HTTP error code.
resp, err := picket.Authz(picketapi.AuthzArgs{
AccessToken: "aaa.bbb.ccc",
Requirements: picketapi.AuthorizationRequirements{
ContractAddress: "0xContract",
MinTokenBalance: "100",
fmt.Printf("received updated access token: %s", resp.AccessToken)


validate validates an access token. validate should be called, or manually access token validation should be done, server-side before trusting a request's access token. It's common to move access token validation and decoding logic to a shared middleware across API endpoints. If the access token is valid, validate returns the decoded claims of the access token.
resp, err := picket.Validate(picketapi.ValidateArgs{
AccessToken: "aaa.bbb.ccc",
// Authorizatopn args are optional
Requirements: picketapi.AuthorizationRequirements{
ContractAddress: "0xContract",
MinTokenBalance: "100",
fmt.Printf("decoded access token: %v", resp)

Verify Token Ownership

If you only want to verify token ownership server side for a given wallet, tokenOwnership allows you to do just that.
resp, err := picket.TokenOwnership(picketapi.TokenOwnershipArgs{
Chain: "solana",
WalletAddress: "waLLeTaddrESs",
Requirements: picketapi.AuthorizationRequirements{
MinTokenBalance: "3",
fmt.Printf("wallet has sufficient tokens: %s", resp.Allowed)