Skip to main content
POST
/
v1
/
wallets
/
authenticate
Authenticate wallet session
curl --request POST \
  --url https://api.privy.io/v1/wallets/authenticate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '
{
  "user_jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "encryption_type": "HPKE",
  "recipient_public_key": "DAQcDQgAEx4aoeD72yykviK+fckqE2CItVIGn1rCnvCXZ1HgpOcMEMialRmTrqIK4oZlYd1"
}
'
{
  "encrypted_authorization_key": {
    "encryption_type": "HPKE",
    "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE=",
    "ciphertext": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsqM8IKMlpFxVypBUa/Q2QvB1AmS/g5WHPp3SKq9A75uhRANCAATeX6BDghwclKAH8+/7IjvS1tCpvIfZ570IR44acX93pUGz5iEvpkg+HGaalHAXubuoUMq9CUWRm4wo+3090Nus"
  },
  "expires_at": 1697059200000,
  "wallets": [
    {
      "id": "ubul5xhljqorce73sf82u0p3",
      "address": "0x3DE69Fd93873d40459f27Ce5B74B42536f8d6149",
      "chain_type": "ethereum",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511",
          "override_policy_ids": []
        }
      ],
      "created_at": 1744300912643,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358",
      "exported_at": null,
      "imported_at": null,
      "archived_at": null
    },
    {
      "id": "sb4y18l68xze8gfszafmyv3q",
      "address": "9wtGmqMamnKfz49XBwnJASbjcVnnKnT78qKopCL54TAk",
      "chain_type": "solana",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511",
          "override_policy_ids": []
        }
      ],
      "created_at": 1744300912644,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358",
      "exported_at": null,
      "imported_at": null,
      "archived_at": null
    }
  ]
}
Directly managing user authorization keys via the API is an advanced setting. We recommend using Privy’s SDKs, which internally manage user authorization keys if applicable.
This endpoint is used to create an ephemeral signing key for signing requests to take actions with a user’s wallet. The returned key is encrypted using Hybrid Public Key Encryption (HPKE), with the following configuration:
  • KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
  • KDF (Key Derivation Function): HKDF_SHA256
  • AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
  • Mode: BASE
The response authorization_key is ciphertext and must be decrypted.

Authorizations

Authorization
string
header
required

Basic Auth header with your app ID as the username and your app secret as the password.

Headers

privy-app-id
string
required

ID of your Privy app.

Body

application/json

Request body for wallet authentication with HPKE-encrypted response.

user_jwt
string
required

The user's JWT, to be used to authenticate the user.

encryption_type
enum<string>
required

The encryption type for the authentication response. Currently only supports HPKE.

Available options:
HPKE
recipient_public_key
string
required

The public key of your ECDH keypair, in base64-encoded, SPKI-format, whose private key will be able to decrypt the session key.

Response

200 - application/json

Object with authorization key and wallet IDs.

The response from authenticating a wallet with HPKE encryption, containing an encrypted authorization key and wallet data.

encrypted_authorization_key
EncryptedAuthorizationKey · object
required

HPKE-encrypted authorization key with encapsulated key and ciphertext.

expires_at
number
required

The expiration time of the authorization key in milliseconds since the epoch.

wallets
Wallet · object[]
required