Niftory Docs
Configuring Your App

The Niftory Platform gives you the ability to create and manage users without using a separate authentication system (Auth0, Firebase, etc.). This is fully optional: you're always free to bring your own auth system and interact with the API directly. The best way to set up user authentication is to look at the Niftory Sample App and how it configures the Niftory auth provider.

Each application receives two credentials which can be exchanged for auth tokens:

Client ID

The client ID is your application's username. It identifies your application and doesn't change.

Client Secret

The client secret is your application's password. It's the secret that proves that your application is really making calls, and allows your application to authenticate itself and its users.

Never share your client secret with anyone, or use it directly in code. Never commit a .env containing this secret.

It should be kept hidden from your front-end and from your users.

See the Quick Start to find out how to obtain these properties.

Include your token with every API request

Whatever the type of authentication you use, you'll end up with a bearer token.

Configure your GraphQL client to pass this token in the Authorization header of every request. If you are using next-auth, you can retrieve the session token using the useSession hook.

Frontend graphQL Client with graphql-request
import { GraphQLClient } from "graphql-request";
import type { Session } from "next-auth";

/**
 * Creates a graphQL client for use in the browser, using the user's auth token for authentication
 * @param url The URL of the GraphQL API
 * @param apiKey The API key
 * @param session The user session
 * @returns The graphQL client
 */
export function getFrontendGraphQLClient(
  url: string,
  apiKey: string,
  session: Session | null
) {
  return new GraphQLClient(url, {
    headers: {
      "X-Niftory-API-Key": apiKey,
      // authToken is not part of next-auth's default Session type; the app's
      // session callback has to add it.
      Authorization: session?.authToken ? `Bearer ${session.authToken}` : "",
    },
  });
}
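Backend GraphQL Client (using a Client Secret)
import { GraphQLClient } from "graphql-request";

// Reused across calls so the client is only constructed once.
let client: GraphQLClient;

export async function getBackendGraphQLClient() {
  client =
    client ||
    new GraphQLClient(process.env.NEXT_PUBLIC_API_PATH, {
      headers: {
        "X-Niftory-API-Key": process.env.NEXT_PUBLIC_API_KEY,
        // Server-only variable: it has no NEXT_PUBLIC_ prefix, so Next.js does
        // not expose it to browser code.
        "X-Niftory-Client-Secret": process.env.CLIENT_SECRET,
      },
    });

  // getClientCredentialsToken() is the app's own helper and is not shown on this page.
  const token = await getClientCredentialsToken();

  client.setHeader("Authorization", `Bearer ${token}`);

  return client;
}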
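
A check for the rule that the client secret stays out of the front end, written against the environment variable names the backend client above reads. It is an added example, not Niftory's code; `auditEnv`, the name hints and the sample file are assumptions of the example.

```typescript
// Added example, not Niftory's code; the sample .env below is constructed.
type Finding = { line: number; name: string; reason: string };
type EnvVar = { line: number; name: string; value: string };

// Name fragments that suggest a credential (assumption; extend for your project).
const SECRET_HINT = /SECRET|PRIVATE|PASSWORD/i;
const PUBLIC_PREFIX = "NEXT_PUBLIC_"; // Next.js inlines these into browser bundles

function parseEnv(text: string): EnvVar[] {
  const vars: EnvVar[] = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const m = /^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*?)\s*$/.exec(raw);
    if (!m) return; // blank line, comment or malformed entry
    const value = m[2].replace(/^(['"])(.*)\1$/, "$2"); // drop matching quotes
    vars.push({ line: i + 1, name: m[1], value });
  });
  return vars;
}

function auditEnv(text: string): Finding[] {
  const vars = parseEnv(text);
  // Values of server-only variables whose names look like credentials.
  const secrets = new Map<string, string>();
  for (const v of vars) {
    const serverOnly = !v.name.startsWith(PUBLIC_PREFIX);
    if (serverOnly && SECRET_HINT.test(v.name) && v.value !== "") secrets.set(v.value, v.name);
  }
  const findings: Finding[] = [];
  for (const v of vars) {
    if (!v.name.startsWith(PUBLIC_PREFIX)) continue;
    if (SECRET_HINT.test(v.name)) {
      findings.push({ line: v.line, name: v.name, reason: "secret-like name is public" });
    } else if (secrets.has(v.value)) {
      // The secret was copied into a public variable under a harmless name.
      findings.push({ line: v.line, name: v.name, reason: `same value as ${secrets.get(v.value)}` });
    }
  }
  return findings;
}

const SAMPLE_ENV = [
  "# constructed sample",
  "NEXT_PUBLIC_API_PATH=https://graphql.example.invalid",
  "NEXT_PUBLIC_API_KEY=constructed-api-key",
  "CLIENT_SECRET=constructed-secret-value",
  "NEXT_PUBLIC_CLIENT_SECRET=constructed-secret-value",
  'NEXT_PUBLIC_APP_CONFIG="constructed-secret-value"',
].join("\n");
```

Run over the sample, it reports lines 5 and 6 and leaves `NEXT_PUBLIC_API_KEY` alone, since the API key is the credential this page's front-end client is given.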

Authentication Endpoints (OAuth Only)

Any authentication library that supports OAuth 2.0 can integrate the Niftory authentication provider.

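Environment   URL
Staging       https://auth.staging.niftory.com/.well-known/openid-configuration
Production    https://auth.niftory.com/.well-known/openid-configuration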

If your library does not support OIDC Discovery, you may need to check the above URLs to find our authorization and token endpoints.

In the backend you can use Backend Authentication to get a token, and then include it in your requests in the same way:

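Backend GraphQL client (using OAuth)
import { GraphQLClient } from "graphql-request";

// Reused across calls so the client is only constructed once.
let client: GraphQLClient;

export async function getBackendGraphQLClient() {
  client =
    client ||
    new GraphQLClient(process.env.NEXT_PUBLIC_API_PATH, {
      headers: {
        "X-Niftory-API-Key": process.env.NEXT_PUBLIC_API_KEY,
      },
    });

  // getClientCredentialsToken() is the app's own helper and is not shown on this page.
  const token = await getClientCredentialsToken();

  client.setHeader("Authorization", `Bearer ${token}`);

  return client;
}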

The information you need to set this up varies depending on the authentication library you use. If your library supports OIDC Discovery, you can simply point it to our well-known endpoints:

  • Staging: https://auth.staging.niftory.com/.well-known/openid-configuration
  • Production: https://auth.niftory.com/.well-known/openid-configuration
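
When you read the discovery document yourself instead of handing it to a library, it is worth validating before its endpoints receive the client secret. The following is an added example, not Niftory's code: `checkDiscovery` and `tokenRequest` are hypothetical helpers, the sample document's issuer, endpoint paths and client values are constructed, and keeping endpoints on the issuer's origin is a policy assumed here.

```typescript
// Added example, not Niftory's code; sample values below are constructed.
interface DiscoveryDoc {
  issuer: string;
  authorization_endpoint: string;
  token_endpoint: string;
  token_endpoint_auth_methods_supported?: string[];
}
const WELL_KNOWN = "/.well-known/openid-configuration";

// OIDC Discovery: the issuer in the document must equal the URL the document
// was fetched from, minus the well-known suffix.
function checkDiscovery(discoveryUrl: string, doc: DiscoveryDoc): DiscoveryDoc {
  if (!discoveryUrl.endsWith(WELL_KNOWN)) throw new Error("not a discovery URL");
  const issuer = discoveryUrl.slice(0, -WELL_KNOWN.length);
  if (doc.issuer !== issuer) throw new Error(`issuer mismatch: ${doc.issuer}`);
  for (const key of ["authorization_endpoint", "token_endpoint"] as const) {
    const endpoint = new URL(doc[key]);
    if (endpoint.protocol !== "https:") throw new Error(`${key} is not https`);
    // Assumption of this example: endpoints live on the issuer's own origin.
    if (endpoint.origin !== new URL(issuer).origin) throw new Error(`${key} is off-origin`);
  }
  return doc;
}

// Builds (does not send) the OAuth 2.0 client-credentials token request.
function tokenRequest(doc: DiscoveryDoc, clientId: string, clientSecret: string) {
  // Per OIDC Discovery, client_secret_basic is the default when the field is absent.
  const methods = doc.token_endpoint_auth_methods_supported ?? ["client_secret_basic"];
  const form = new URLSearchParams({ grant_type: "client_credentials" });
  const headers: Record<string, string> = { "Content-Type": "application/x-www-form-urlencoded" };
  if (methods.includes("client_secret_basic")) {
    // RFC 6749 2.3.1: form-encode both parts before base64.
    const enc = (s: string) => new URLSearchParams({ v: s }).toString().slice(2);
    headers["Authorization"] = "Basic " + btoa(`${enc(clientId)}:${enc(clientSecret)}`);
  } else if (methods.includes("client_secret_post")) {
    form.set("client_id", clientId);
    form.set("client_secret", clientSecret);
  } else {
    throw new Error("no supported client authentication method");
  }
  return { url: doc.token_endpoint, method: "POST", headers, body: form.toString() };
}

// Constructed document for the staging discovery URL listed on this page.
const STAGING_URL = "https://auth.staging.niftory.com/.well-known/openid-configuration";
const SAMPLE_DOC: DiscoveryDoc = {
  issuer: "https://auth.staging.niftory.com",
  authorization_endpoint: "https://auth.staging.niftory.com/example/authorize",
  token_endpoint: "https://auth.staging.niftory.com/example/token",
  token_endpoint_auth_methods_supported: ["client_secret_post"],
};
```

The returned object can be passed to `fetch(req.url, req)` from server-side code only, since it carries the client secret.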