.png%3Falt%3Dmedia%26token%3D97e33c34-d108-44ae-a426-5cca033da6d7)
.png%3Falt%3Dmedia%26token%3D97e33c34-d108-44ae-a426-5cca033da6d7)
Comment on page
Authentication
Follow Anatomy of a Niftory App for a practical guide on setting up authentication for your application.
Niftory uses two forms of authentication to keep your application data safe:
Each application gets an API Key when registered with Niftory for project-level authentication. This key needs to be passed as
X-Niftory-API-Key header alongside every API request. For privileged authentication (used for minting, wallet creation, transferring and more), you can either use the X-Niftory-Client-Secret header or use OAuth.For more information, see below:
Remember: Never share your client secret with anyone, or use it directly in code. Never commit a
.env containing this secret.It should be kept hidden from your front-end and from your users.
Authentication and authorization can be hard in any application, especially in a space as confusing as web3. For any operations that require user or app authorization, we use OAuth 2.0.
Each application gets a client ID and a client secret from Niftory that can be used to authenticate the application itself, as well as its users, to use the Niftory API.
Last modified 3mo ago