Authentication

Follow Anatomy of a Niftory App for a practical guide on setting up authentication for your application.

Niftory uses two forms of authentication to keep your application data safe:

API Keys

Each application gets an API Key when registered with Niftory for project-level authentication. This key needs to be passed as X-Niftory-API-Key header alongside every API request. For privileged authentication (used for minting, wallet creation, transferring and more), you can either use the X-Niftory-Client-Secret header or use OAuth.

For more information, see below:

Using Your API Key

Remember: Never share your client secret with anyone, or use it directly in code. Never commit a .env containing this secret.

It should be kept hidden from your front-end and from your users.

OAuth 2.0

Authentication and authorization can be hard in any application, especially in a space as confusing as web3. For any operations that require user or app authorization, we use OAuth 2.0.

Each application gets a client ID and a client secret from Niftory that can be used to authenticate the application itself, as well as its users, to use the Niftory API.

Configuring Your App

Last updated

Was this helpful?