Niftory Docs
  • What is Niftory?
  • Get your API Keys
  • 👩‍💻API
    • Niftory Web3 API
    • SDK QuickStart
      • Using the SDK in React
      • Using the SDK from the Server
    • API Quickstart
      • Create your first Wallet
      • API calls with Sample Content
      • Mint your first NFT
    • API Cheat Sheet
    • Niftory Sample App
      • Explore the Sample App
      • Anatomy of a Niftory App
        • Getting Authenticated
        • GraphQL Client Setup
        • API Usage
        • Transfer an NFT
    • 💡Core Concepts
      • Niftory Data Model
      • Authentication
        • Using Your API Key
        • Configuring Your App
        • Privileged Authentication
      • App and AppUser
      • NFTs
        • Creating NFTs
        • Querying NFTs
        • Transferring NFTs
        • Minting NFTs
      • Wallets
        • Create a Niftory Wallet
        • Register External Wallets
        • Query Wallets
      • Contract
      • User Auth (Client-Side)
    • Your Niftory Account
  • 🧑‍💼Admin Portal
    • Niftory Admin Portal
    • 🚀Guides
      • Setting Up Your Org
      • Create Your First NFT
    • 🗺️Explore
      • Org and Apps
      • NFT Collection
        • Sets
        • Collectibles
        • NFTs
    • 💼Use Cases
      • For Engineers
      • For Designers
      • For Business Users
  • 📖Reference
    • GraphQL & Auth Endpoints
    • API Reference
    • SDK API Reference
Powered by GitBook
On this page
  • API Keys
  • OAuth 2.0

Was this helpful?

  1. API
  2. Core Concepts

Authentication

PreviousNiftory Data ModelNextUsing Your API Key

Last updated 1 year ago

Was this helpful?

Follow Anatomy of a Niftory App for a practical guide on setting up authentication for your application.

Niftory uses two forms of authentication to keep your application data safe:

API Keys

Each application gets an API Key when registered with Niftory for project-level authentication. This key needs to be passed as X-Niftory-API-Key header alongside every API request. For privileged authentication (used for minting, wallet creation, transferring and more), you can either use the X-Niftory-Client-Secret header or use OAuth.

For more information, see below:

Remember: Never share your client secret with anyone, or use it directly in code. Never commit a .env containing this secret.

It should be kept hidden from your front-end and from your users.

OAuth 2.0

Authentication and authorization can be hard in any application, especially in a space as confusing as web3. For any operations that require user or app authorization, we use OAuth 2.0.

Each application gets a client ID and a client secret from Niftory that can be used to authenticate the application itself, as well as its users, to use the Niftory API.

👩‍💻
💡
Using Your API Key
Configuring Your App