POST
/
v1
/
user_signers
/
authenticate
curl --request POST \
  --url https://api.privy.io/v1/user_signers/authenticate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "user_jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "encryption_type": "HPKE",
  "recipient_public_key": "DAQcDQgAEx4aoeD72yykviK+fckqE2CItVIGn1rCnvCXZ1HgpOcMEMialRmTrqIK4oZlYd1"
}'
{
  "encrypted_authorization_key": {
    "encryption_type": "HPKE",
    "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE=",
    "ciphertext": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsqM8IKMlpFxVypBUa/Q2QvB1AmS/g5WHPp3SKq9A75uhRANCAATeX6BDghwclKAH8+/7IjvS1tCpvIfZ570IR44acX93pUGz5iEvpkg+HGaalHAXubuoUMq9CUWRm4wo+3090Nus"
  },
  "expires_at": 1697059200000,
  "wallets": [
    {
      "id": "ubul5xhljqorce73sf82u0p3",
      "address": "0x3DE69Fd93873d40459f27Ce5B74B42536f8d6149",
      "chain_type": "ethereum",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511"
        }
      ],
      "created_at": 1744300912643,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358"
    },
    {
      "id": "sb4y18l68xze8gfszafmyv3q",
      "address": "9wtGmqMamnKfz49XBwnJASbjcVnnKnT78qKopCL54TAk",
      "chain_type": "solana",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511"
        }
      ],
      "created_at": 1744300912644,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358"
    }
  ]
}

Directly managing user authorization keys via the API is an advanced setting. We recommend using Privy’s SDKs, which internally manage user authorization keys if applicable.

This endpoint is used to create an ephemeral signing key for signing requests to take actions with a user’s wallet.

The returned key is encrypted using Hybrid Public Key Encryption (HPKE), with the following configuration:

  • KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
  • KDF (Key Derivation Function): HKDF_SHA256
  • AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
  • Mode: BASE

The response authorization_key is ciphertext and must be decrypted.

Authorizations

Authorization
string
header
required

Basic Auth header with your app ID as the username and your app secret as the password.

Headers

privy-app-id
string
required

ID of your Privy app.

Body

application/json

Response

200 - application/json

Object with encrypted authorization key and wallet IDs.

The response is of type object.