curl --request POST \
--url https://api.privy.io/v1/user_signers/authenticate \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--header 'privy-app-id: <privy-app-id>' \
--data '{
"user_jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"encryption_type": "HPKE",
"recipient_public_key": "DAQcDQgAEx4aoeD72yykviK+fckqE2CItVIGn1rCnvCXZ1HgpOcMEMialRmTrqIK4oZlYd1"
}'
{
"encrypted_authorization_key": {
"encryption_type": "HPKE",
"encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE=",
"ciphertext": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsqM8IKMlpFxVypBUa/Q2QvB1AmS/g5WHPp3SKq9A75uhRANCAATeX6BDghwclKAH8+/7IjvS1tCpvIfZ570IR44acX93pUGz5iEvpkg+HGaalHAXubuoUMq9CUWRm4wo+3090Nus"
},
"expires_at": 1697059200000,
"wallets": [
{
"id": "ubul5xhljqorce73sf82u0p3",
"address": "0x3DE69Fd93873d40459f27Ce5B74B42536f8d6149",
"chain_type": "ethereum",
"policy_ids": [],
"additional_signers": [
{
"signer_id": "p3cyj3n8mt9f9u2htfize511"
}
],
"created_at": 1744300912643,
"owner_id": "lzjb3xnjk2ntod3w1hgwa358"
},
{
"id": "sb4y18l68xze8gfszafmyv3q",
"address": "9wtGmqMamnKfz49XBwnJASbjcVnnKnT78qKopCL54TAk",
"chain_type": "solana",
"policy_ids": [],
"additional_signers": [
{
"signer_id": "p3cyj3n8mt9f9u2htfize511"
}
],
"created_at": 1744300912644,
"owner_id": "lzjb3xnjk2ntod3w1hgwa358"
}
]
}
This feature is currently in development and will be available in an upcoming release.
This endpoint is used to create an ephemeral signing key for signing requests to take actions with a user’s wallet.
The returned key is encrypted using Hybrid Public Key Encryption (HPKE), with the following configuration:
- KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
- KDF (Key Derivation Function): HKDF_SHA256
- AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
- Mode: BASE
The response authorization_key is ciphertext and must be decrypted.
App secret authentication.
The user's JWT, to be used to authenticate the user.
The encryption type for the authentication response. Currently only supports HPKE.
Base64-encoded public key of the recipient who will decrypt the session key. This key must be generated securely and kept confidential.
Object with encrypted authorization key and wallet IDs.
encrypted_authorization_key
The encrypted authorization key data.
encrypted_authorization_key.encryption_type
The encryption type used. Currently only supports HPKE.
encrypted_authorization_key.encapsulated_key
Base64-encoded ephemeral public key used in the HPKE encryption process. Required for decryption.
encrypted_authorization_key.ciphertext
The encrypted authorization key corresponding to the user's current authentication session.
The expiration time of the authorization key in seconds since the epoch.
The wallets that the signer has access to.
Unique ID of the wallet. This will be the primary identifier when using the wallet in the future.
Unix timestamp of when the wallet was created in milliseconds.
Chain type of the wallet. 'Ethereum' supports any EVM-compatible network.
Available options:
solana,
ethereum
List of policy IDs for policies that are enforced on the wallet.
The key quorum ID of the owner of the wallet.
wallets.additional_signers
Additional signers for the wallet.
wallets.additional_signers.signer_id
wallets.authorization_threshold
The number of authorization key signatures required to approve a transaction.
