Authentication

The YieldFi SDK uses EVM wallet signatures for user authentication. This provides a secure, non-custodial authentication mechanism that doesn't require passwords or API keys.

Authentication Flow

The authentication process follows these steps:

  1. Generate Nonce - Request a unique message to sign

  2. Sign Message - User signs the message with their wallet

  3. Login - Submit signature to receive access and refresh tokens

  4. Store Tokens - Store tokens in your application (localStorage, sessionStorage, etc.)

  5. Use Tokens - Include access token in authenticated API requests

  6. Refresh - Refresh access token when it expires

Key Concepts

Wallet-Based Authentication

Users authenticate using their Ethereum wallet (MetaMask, WalletConnect, etc.). No passwords or usernames are required.

Token Management

Important: The SDK does not store tokens internally. You are responsible for:

  • Storing tokens securely

  • Retrieving tokens when needed

  • Refreshing expired tokens

  • Clearing tokens on logout

Access Tokens

Access tokens are JWTs that authenticate API requests. They have a limited lifetime (typically 15 minutes) and must be refreshed periodically.

Refresh Tokens

Refresh tokens are used to obtain new access tokens without requiring the user to sign again. They have a longer lifetime (typically 7 days).
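
One way to cover the storage, expiry and refresh responsibilities listed under Token Management, as an added example that is not YieldFi SDK code. `TokenSession`, `jwtExpiry`, `needsRefresh` and the `refreshFn` callback are hypothetical names, and the 60-second skew and in-memory storage are assumed choices.

```javascript
// Added example, not YieldFi SDK code. `refreshFn` is a hypothetical callback
// wrapping whatever call exchanges a refresh token for a new token pair.

// Read `exp` (seconds since epoch) from a JWT payload without verifying it.
// Client-side scheduling only: the server remains the authority on validity.
function jwtExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    const exp = JSON.parse(atob(padded)).exp;
    return Number.isFinite(exp) ? exp : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// True when the token is missing, unparseable, expired, or within skewSec of expiry.
function needsRefresh(token, nowSec, skewSec = 60) {
  const exp = jwtExpiry(token);
  return exp === null || exp - nowSec <= skewSec;
}

// Holds tokens in memory only; web storage is readable by any script in the origin.
class TokenSession {
  #access = null;
  #refresh = null;
  #inflight = null;
  constructor(refreshFn) { this.refreshFn = refreshFn; }
  set({ accessToken, refreshToken }) {
    this.#access = accessToken;
    this.#refresh = refreshToken;
  }
  clear() { this.#access = this.#refresh = null; } // call on logout
  async getAccessToken(nowSec = Math.floor(Date.now() / 1000)) {
    if (!this.#refresh) throw new Error("not authenticated: wallet signature required");
    if (!needsRefresh(this.#access, nowSec)) return this.#access;
    // Single-flight: concurrent callers share one refresh request.
    this.#inflight ??= Promise.resolve(this.refreshFn(this.#refresh))
      .then((pair) => { this.set(pair); return pair.accessToken; })
      .catch((err) => { this.clear(); throw err; }) // failed refresh: sign in again
      .finally(() => { this.#inflight = null; });
    return this.#inflight;
  }
}
```

Because the tokens live only in memory, a page reload ends the session and the user signs a new message.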

Quick Example

Next Steps

  • Wallet Authentication - Detailed guide on wallet authentication

  • Token Management - How to manage and refresh tokens

  • User Consent - Managing user consent records
