Skip to main content
POST
/
v1
/
wallets
/
authenticate
Obtain a session key to enable wallet access.
curl --request POST \
  --url https://api.privy.io/v1/wallets/authenticate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --header 'privy-app-id: <privy-app-id>' \
  --data '
{
  "user_jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "encryption_type": "HPKE",
  "recipient_public_key": "DAQcDQgAEx4aoeD72yykviK+fckqE2CItVIGn1rCnvCXZ1HgpOcMEMialRmTrqIK4oZlYd1"
}
'
{
  "encrypted_authorization_key": {
    "encryption_type": "HPKE",
    "encapsulated_key": "BECqbgIAcs3TpP5GadS6F8mXkSktR2DR8WNtd3e0Qcy7PpoRHEygpzjFWttntS+SEM3VSr4Thewh18ZP9chseLE=",
    "ciphertext": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsqM8IKMlpFxVypBUa/Q2QvB1AmS/g5WHPp3SKq9A75uhRANCAATeX6BDghwclKAH8+/7IjvS1tCpvIfZ570IR44acX93pUGz5iEvpkg+HGaalHAXubuoUMq9CUWRm4wo+3090Nus"
  },
  "expires_at": 1697059200000,
  "wallets": [
    {
      "id": "ubul5xhljqorce73sf82u0p3",
      "address": "0x3DE69Fd93873d40459f27Ce5B74B42536f8d6149",
      "chain_type": "ethereum",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511",
          "override_policy_ids": []
        }
      ],
      "created_at": 1744300912643,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358",
      "exported_at": null,
      "imported_at": null
    },
    {
      "id": "sb4y18l68xze8gfszafmyv3q",
      "address": "9wtGmqMamnKfz49XBwnJASbjcVnnKnT78qKopCL54TAk",
      "chain_type": "solana",
      "policy_ids": [],
      "additional_signers": [
        {
          "signer_id": "p3cyj3n8mt9f9u2htfize511",
          "override_policy_ids": []
        }
      ],
      "created_at": 1744300912644,
      "owner_id": "lzjb3xnjk2ntod3w1hgwa358",
      "exported_at": null,
      "imported_at": null
    }
  ]
}
Directly managing user authorization keys via the API is an advanced setting. We recommend using Privy’s SDKs, which internally manage user authorization keys if applicable.
This endpoint is used to create an ephemeral signing key for signing requests to take actions with a user’s wallet. The returned key is encrypted using Hybrid Public Key Encryption (HPKE), with the following configuration:
  • KEM (Key Encapsulation Mechanism): DHKEM_P256_HKDF_SHA256
  • KDF (Key Derivation Function): HKDF_SHA256
  • AEAD (Authenticated Encryption with Associated Data): CHACHA20_POLY1305
  • Mode: BASE
The response authorization_key is ciphertext and must be decrypted.

Authorizations

Authorization
string
header
required

Basic Auth header with your app ID as the username and your app secret as the password.

Headers

privy-app-id
string
required

ID of your Privy app.

Body

application/json
user_jwt
string
required

The user's JWT, to be used to authenticate the user.

encryption_type
enum<string>

The encryption type for the authentication response. Currently only supports HPKE.

Available options:
HPKE
recipient_public_key
string

The public key of your ECDH keypair, in base64-encoded, SPKI-format, whose private key will be able to decrypt the session key.

Response

200 - application/json

Object with authorization key and wallet IDs.

  • With encryption
  • Without encryption
encrypted_authorization_key
object
required

The encrypted authorization key data.

expires_at
number
required

The expiration time of the authorization key in seconds since the epoch.

wallets
object[]
required