Comment on page


Follow Anatomy of a Niftory App for a practical guide on setting up authentication for your application.
Niftory uses two forms of authentication to keep your application data safe:

API Keys

Each application gets an API Key when registered with Niftory for project-level authentication. This key needs to be passed as X-Niftory-API-Key header alongside every API request. For privileged authentication (used for minting, wallet creation, transferring and more), you can either use the X-Niftory-Client-Secret header or use OAuth.
For more information, see below:
Remember: Never share your client secret with anyone, or use it directly in code. Never commit a .env containing this secret.
It should be kept hidden from your front-end and from your users.

OAuth 2.0

Authentication and authorization can be hard in any application, especially in a space as confusing as web3. For any operations that require user or app authorization, we use OAuth 2.0.
Each application gets a client ID and a client secret from Niftory that can be used to authenticate the application itself, as well as its users, to use the Niftory API.