Authenticate

POST

user_signers

authenticate

curl --request POST \
  --url https://api.privy.io/v1/user_signers/authenticate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "user_jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "encryption_type": "HPKE",
  "recipient_public_key": "DAQcDQgAEx4aoeD72yykviK+fckqE2CItVIGn1rCnvCXZ1HgpOcMEMialRmTrqIK4oZlYd1"
}'

{
  "encrypted_authorization_key": {
    "encryption_type": "HPKE",
    "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE=",
    "ciphertext": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsqM8IKMlpFxVypBUa/Q2QvB1AmS/g5WHPp3SKq9A75uhRANCAATeX6BDghwclKAH8+/7IjvS1tCpvIfZ570IR44acX93pUGz5iEvpkg+HGaalHAXubuoUMq9CUWRm4wo+3090Nus"
  },
  "expires_at": 1697059200000,
  "wallets": [
    {
      "id": "ubul5xhljqorce73sf82u0p3",
      "address": "0x3DE69Fd93873d40459f27Ce5B74B42536f8d6149",
      "chain_type": "ethereum",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511"
        }
      ],
      "created_at": 1744300912643,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358"
    },
    {
      "id": "sb4y18l68xze8gfszafmyv3q",
      "address": "9wtGmqMamnKfz49XBwnJASbjcVnnKnT78qKopCL54TAk",
      "chain_type": "solana",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511"
        }
      ],
      "created_at": 1744300912644,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358"
    }
  ]
}

Directly managing user authorization keys via the API is an advanced setting. We recommend using Privy’s SDKs, which internally manage user authorization keys if applicable.

This endpoint is used to create an ephemeral signing key for signing requests to take actions with a user’s wallet.

The returned key is encrypted using Hybrid Public Key Encryption (HPKE), with the following configuration:

KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
KDF (Key Derivation Function): HKDF_SHA256
AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
Mode: BASE

The response authorization_key is ciphertext and must be decrypted.

Authorizations

Authorization

string

header

required

App secret authentication.

Headers

privy-app-id

string

required

ID of your Privy app.

Body

application/json

user_jwt

string

required

The user's JWT, to be used to authenticate the user.

encryption_type

enum<string>

required

The encryption type for the authentication response. Currently only supports HPKE.

Available options:

HPKE

recipient_public_key

string

required

Base64-encoded public key of the recipient who will decrypt the session key. This key must be generated securely and kept confidential.

Response

200 - application/json

Object with encrypted authorization key and wallet IDs.

encrypted_authorization_key

object

required

The encrypted authorization key data.

expires_at

number

required

The expiration time of the authorization key in seconds since the epoch.

wallets

object[]

required

The wallets that the signer has access to.

Create wallets Create user

curl --request POST \
  --url https://api.privy.io/v1/user_signers/authenticate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '{
  "user_jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "encryption_type": "HPKE",
  "recipient_public_key": "DAQcDQgAEx4aoeD72yykviK+fckqE2CItVIGn1rCnvCXZ1HgpOcMEMialRmTrqIK4oZlYd1"
}'

{
  "encrypted_authorization_key": {
    "encryption_type": "HPKE",
    "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE=",
    "ciphertext": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsqM8IKMlpFxVypBUa/Q2QvB1AmS/g5WHPp3SKq9A75uhRANCAATeX6BDghwclKAH8+/7IjvS1tCpvIfZ570IR44acX93pUGz5iEvpkg+HGaalHAXubuoUMq9CUWRm4wo+3090Nus"
  },
  "expires_at": 1697059200000,
  "wallets": [
    {
      "id": "ubul5xhljqorce73sf82u0p3",
      "address": "0x3DE69Fd93873d40459f27Ce5B74B42536f8d6149",
      "chain_type": "ethereum",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511"
        }
      ],
      "created_at": 1744300912643,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358"
    },
    {
      "id": "sb4y18l68xze8gfszafmyv3q",
      "address": "9wtGmqMamnKfz49XBwnJASbjcVnnKnT78qKopCL54TAk",
      "chain_type": "solana",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511"
        }
      ],
      "created_at": 1744300912644,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358"
    }
  ]
}

API reference

Wallets

Policies

Transactions

Key quorums

User signers

Users

Authorizations

Headers

Body

Response