# Authentication

The YieldFi SDK uses EVM wallet signatures for user authentication. This provides a secure, non-custodial authentication mechanism that doesn't require passwords or API keys.

### Authentication Flow

The authentication process follows these steps:

1. **Generate Nonce** - Request a unique message to sign
2. **Sign Message** - User signs the message with their wallet
3. **Login** - Submit signature to receive access and refresh tokens
4. **Store Tokens** - Store tokens in your application (localStorage, sessionStorage, etc.)
5. **Use Tokens** - Include access token in authenticated API requests
6. **Refresh** - Refresh access token when it expires

### Key Concepts

#### Wallet-Based Authentication

Users authenticate using their Ethereum wallet (MetaMask, WalletConnect, etc.). No passwords or usernames are required.

#### Token Management

**Important:** The SDK does **not** store tokens internally. You are responsible for:

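* Storing tokens securely (values in `localStorage` or `sessionStorage` are readable by any script running in your origin, including one injected through XSS)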
* Retrieving tokens when needed
* Refreshing expired tokens
* Clearing tokens on logout

#### Access Tokens

Access tokens are JSON Web Tokens (JWTs) that authenticate API requests. They have a limited lifetime (typically 15 minutes) and must be refreshed periodically.

#### Refresh Tokens

Refresh tokens are used to obtain new access tokens without requiring the user to sign again. They have a longer lifetime (typically 7 days).
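
The responsibilities listed under Token Management, as an added example (not YieldFi SDK code): an in-memory token holder that reads the access token's `exp` claim to refresh shortly before expiry and shares one refresh among concurrent callers. `TokenStore`, `jwtExpiry` and the injected `refreshFn` callback are hypothetical names; the page does not show the SDK's refresh call, so you supply it.

```typescript
// Added example. `RefreshFn` is a hypothetical callback: wire it to the SDK's refresh call.
type Tokens = { accessToken: string; refreshToken: string };
type RefreshFn = (refreshToken: string) => Promise<Tokens>;

// Read `exp` (seconds since epoch) from a JWT payload WITHOUT verifying it.
// Used only to schedule a refresh; the gateway still decides validity.
function jwtExpiry(token: string): number | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(atob(parts[1].replace(/-/g, "+").replace(/_/g, "/")));
    return typeof payload.exp === "number" ? payload.exp : null;
  } catch {
    return null; // malformed base64 or JSON: treat as "expiry unknown"
  }
}

class TokenStore {
  private tokens: Tokens | null = null; // memory only; lost on page reload
  private inflight: Promise<Tokens> | null = null;
  private refreshFn: RefreshFn;
  private skewSec: number;
  now: () => number = () => Date.now() / 1000; // replaceable clock for tests
  constructor(refreshFn: RefreshFn, skewSec = 30) {
    this.refreshFn = refreshFn;
    this.skewSec = skewSec;
  }
  set(tokens: Tokens): void { this.tokens = tokens; } // after login
  clear(): void { this.tokens = null; } // on logout

  // Returns an access token with more than `skewSec` left, refreshing if needed.
  async getAccessToken(): Promise<string> {
    const current = this.tokens;
    if (!current) throw new Error("not authenticated");
    const exp = jwtExpiry(current.accessToken);
    if (exp !== null && exp - this.now() > this.skewSec) return current.accessToken;
    // Concurrent callers share one refresh, so the refresh token is sent once.
    let p = this.inflight;
    if (!p) {
      p = this.refreshFn(current.refreshToken).then((next) => {
        if (this.tokens === current) this.tokens = next; // skip if logged out meanwhile
        return next;
      });
      this.inflight = p;
      const done = () => { this.inflight = null; };
      p.then(done, done);
    }
    return (await p).accessToken;
  }
}
```

If the refresh call rejects (for example because the refresh token has expired), `getAccessToken()` rejects too and the user has to sign a new nonce.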

### Quick Example

```typescript
import { YieldFiSDK } from "yieldfi-sdk";
import { ethers } from "ethers";

const sdk = await YieldFiSDK.create({
  gatewayUrl: "https://gw.yield.fi",
});

// 1. Generate nonce
const nonce = await sdk.auth.generateNonce({
  address: "0x...",
});

// 2. Sign with wallet
const provider = new ethers.BrowserProvider(window.ethereum);
const signer = await provider.getSigner();
const signature = await signer.signMessage(nonce.message);

// 3. Login
const authResponse = await sdk.auth.login({
  address: "0x...",
  signature,
  message: nonce.message,
});

// 4. Store tokens
localStorage.setItem("accessToken", authResponse.accessToken);
localStorage.setItem("refreshToken", authResponse.refreshToken);
```

### Next Steps

* Wallet Authentication - Detailed guide on wallet authentication
* Token Management - How to manage and refresh tokens
* User Consent - Managing user consent records

