Setting up your server environment

Follow the instructions below to set up your server environment to interact with Privy's APIs.


Privy rate limits REST API endpoints that you may call from your server. If you suspect your team will require an increased rate limit, please reach out to support!

Get your API keys

To start, go to the Privy Dashboard and select your desired app from the dropdown at the top. Then, navigate to the API Keys page for your app.

Retrieve your Privy app ID, app secret, and verification key. Your server will use these values to verify user access tokens and authorize the requests it makes to Privy's APIs.


Your app secret is a sensitive value that gives you permission to manage Privy from your server. Do not expose it outside of your backend server.

Your app ID and verification key are public values and can safely be exposed.

Once you've retrieved your API keys, you can begin interacting with Privy's API in one of two ways: using the @privy-io/server-auth library, or querying Privy's REST API directly.

Using @privy-io/server-auth

If your backend is a NodeJS environment, you can use the @privy-io/server-auth library to authorize requests and manage your application from your server.

This library includes helpful utilities around verifying access tokens issued by Privy and interacting with Privy's API to query and import users, create wallets, manage invite lists, and more.

To use @privy-io/server-auth, first install the library:

npm install @privy-io/server-auth@latest

Then, import the PrivyClient class and create an instance of it. As parameters to the constructor, pass your Privy app ID and app secret as strings.

import { PrivyClient } from '@privy-io/server-auth';
const privy = new PrivyClient('insert-your-app-id', 'insert-your-app-secret');

You can then use the PrivyClient to verify user access tokens and interface with Privy's API. Refer to the pages in the sidebar for instructions for specific flows.

Using the REST API

If your backend is not a NodeJS environment, or you'd prefer to handle API interactions yourself, you can query Privy's API directly to manage your app and users, using any programming language that supports HTTP requests.

Whenever requesting Privy's API directly, you must set the following headers:

  • Authorization: Include a Basic Auth header, with your app ID as the username, and your app secret as the password.
  • privy-app-id: Include your app ID as a string.

For example, in a JavaScript fetch request, your headers should look like:

headers: {
    'Authorization': `Basic ${btoa('insert-your-app-id' + ':' + 'insert-your-app-secret')}`,
    'privy-app-id': 'insert-your-app-id'
}

Requests that do not include these headers will be rejected by Privy's middleware.
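
The two required headers described above, built from server-side environment variables so the app secret never appears in source code or logs. This is an added example, not code from Privy's documentation or libraries; the variable names PRIVY_APP_ID and PRIVY_APP_SECRET and both function names are assumptions.

```javascript
// Added example: build the two headers Privy's REST API requires, from
// server-side environment variables. The names PRIVY_APP_ID and
// PRIVY_APP_SECRET are assumptions, not names defined by Privy.

function buildPrivyHeaders(env) {
  const appId = env.PRIVY_APP_ID;
  const appSecret = env.PRIVY_APP_SECRET;

  // Fail closed: never send a request with "undefined" baked into the header.
  if (!appId || !appSecret) {
    throw new Error('PRIVY_APP_ID and PRIVY_APP_SECRET must both be set');
  }
  // In Basic auth the first ":" separates username from password, so a
  // colon in the app ID would shift part of it into the password field.
  if (appId.includes(':')) {
    throw new Error('app ID must not contain ":"');
  }

  // Buffer is a Node.js global; base64-encode "appId:appSecret" as UTF-8.
  const credentials = Buffer.from(`${appId}:${appSecret}`, 'utf8').toString('base64');
  return {
    Authorization: `Basic ${credentials}`,
    'privy-app-id': appId,
  };
}

// Copy of the headers that is safe to log. Base64 is an encoding, not
// encryption, so the raw Authorization value reveals the app secret.
function redactForLogging(headers) {
  return { ...headers, Authorization: 'Basic [REDACTED]' };
}

// Constructed sample values, not real credentials.
const sampleEnv = { PRIVY_APP_ID: 'sample-app-id', PRIVY_APP_SECRET: 'sample-app-secret' };
const sampleHeaders = buildPrivyHeaders(sampleEnv);
console.log(redactForLogging(sampleHeaders));
```

In a real server, pass `process.env` instead of the sample object and hand the returned headers to your HTTP client.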