Overview

Privy’s wallet system supports granular controls on who can access wallets and what actions different users can perform.

To enforce these controls, Privy’s API must verify the identity of the party requesting a wallet action, ensuring that only authorized actions are executed by the system. This is process is known as authentication.

Privy supports both API authentication and user authentication for authenticating access to wallets.

​

API authentication

With API authentication, Privy authenticates a request from your server directly using an API secret. This ensures that Privy only executes requests sent by your servers alone, and no other party.

In addition to the API secret, you can also configure authorization keys that control specific wallets, policies, and other resources. Any requests to use or update these resources require a signature from the corresponding authorization key. This allows you to enforce granular controls on all Privy resources.

​

User authentication

Privy is a powerful toolkit for progressive authentication of users. With fine-grained control over onboarding flows and wallet connections, you can improve conversion and craft better UX.

Using any of Privy’s client-side SDKs, your app can authenticate users across web2 and web3 accounts, including:

• JWT-based authentication: Your app’s existing JWT-based authentication system. This includes any OIDC compliant authentication system, including OAuth 2.0, Auth0, Firebase, AWS Cognito, and more.
• Email or SMS: Passwordless login via an one-time passcode sent to a user’s email address or phone number.
• Passkey: Biometric or passkey-based login based on the WebAuthn standard.
• OAuth and socials: Social login with Google, Apple, Twitter, Discord, GitHub, LinkedIn, Spotify, Telegram, Farcaster, and more.
• Wallets: External wallet login via Sign-In With Ethereum and Sign-In With Solana.

Your app can configure each of the account types above to be an upfront login method, or as an account that users link to their profile after login.

All of Privy’s authentication methods create a common user object, where you can easily find a user’s unique ID and all of the accounts they’ve linked to their profile. A user is a user, regardless of whether they’ve connected with a wallet, email or Discord account.

Once a user of your application successfully authenticates with Privy, Privy issues an access token for the user that you app can additionally use to represent an authenticated session or to make authenticated requests to your backend.

​

Get started