Comment on page
Niftory uses two forms of authentication to keep your application data safe:
Each application gets an API Key when registered with Niftory for project-level authentication. This key needs to be passed as
X-Niftory-API-Keyheader alongside every API request. For privileged authentication (used for minting, wallet creation, transferring and more), you can either use the
X-Niftory-Client-Secretheader or use OAuth.
For more information, see below:
Remember: Never share your client secret with anyone, or use it directly in code. Never commit a
.envcontaining this secret.
It should be kept hidden from your front-end and from your users.
Each application gets a client ID and a client secret from Niftory that can be used to authenticate the application itself, as well as its users, to use the Niftory API.