docs
anky.app

Authentication

v2 Seed Auth (Recommended)

1. Request Challenge

bash
POST /swift/v2/auth/challenge
Content-Type: application/json

{
  "wallet_address": "0x1234567890abcdef1234567890abcdef12345678"
}

Response:

json
{
  "challenge": "Sign this message to authenticate with Anky: a1b2c3d4e5f6...",
  "expires_at": "2026-03-18T12:30:00Z"
}

2. Sign and Verify

Sign the challenge string with your wallet's private key using EIP-191 personal sign, then verify:

bash
POST /swift/v2/auth/verify
Content-Type: application/json

{
  "wallet_address": "0x1234567890abcdef1234567890abcdef12345678",
  "signature": "0x...",
  "challenge": "Sign this message to authenticate with Anky: a1b2c3d4e5f6..."
}

Response:

json
{
  "session_token": "your-bearer-token",
  "user": {
    "id": "user-uuid",
    "wallet_address": "0x1234...",
    "is_premium": false,
    "created_at": "2026-03-01T10:00:00Z"
  }
}

3. Use the Token

Send the token in the Authorization header on all subsequent requests:

Authorization: Bearer your-bearer-token

4. Logout

bash
DELETE /swift/v2/auth/session
Authorization: Bearer your-bearer-token
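
Client-side checks for steps 1 and 2, as an added example (not Anky's own code): validate the challenge before the wallet signs it, show the exact bytes EIP-191 personal sign covers, and format-check the verify body. The function names, the fixed-prefix assumption (taken from the sample response above) and the 5-second expiry margin are assumptions; the signing itself is left to the wallet.

```python
import re
from datetime import datetime, timezone

# Assumption: the login message always starts with the text in this page's sample.
EXPECTED_PREFIX = "Sign this message to authenticate with Anky: "
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")
SIGNATURE_RE = re.compile(r"0x[0-9a-fA-F]{130}")  # 65 bytes: r || s || v


def check_challenge(resp, now=None, min_remaining_s=5):
    """Validate a challenge response before the wallet is asked to sign it."""
    now = now or datetime.now(timezone.utc)
    challenge, expires_raw = resp.get("challenge"), resp.get("expires_at")
    if not isinstance(challenge, str) or not isinstance(expires_raw, str):
        raise ValueError("malformed challenge response")
    # Only sign the documented login message, never arbitrary server text.
    if not challenge.startswith(EXPECTED_PREFIX):
        raise ValueError("unexpected challenge text")
    nonce = challenge[len(EXPECTED_PREFIX):]
    if not nonce or not nonce.isprintable():
        raise ValueError("missing or malformed nonce")
    expires = datetime.fromisoformat(expires_raw.replace("Z", "+00:00"))
    if expires.tzinfo is None:
        raise ValueError("expires_at has no timezone")
    if (expires - now).total_seconds() < min_remaining_s:
        raise ValueError("challenge expired or about to expire")
    return challenge


def eip191_preimage(message):
    """Bytes that EIP-191 personal sign hashes with Keccak-256 and signs."""
    body = message.encode("utf-8")
    return b"\x19Ethereum Signed Message:\n" + str(len(body)).encode() + body


def build_verify_body(wallet_address, signature, challenge):
    """Assemble the /swift/v2/auth/verify JSON body after format checks."""
    if not ADDRESS_RE.fullmatch(wallet_address):
        raise ValueError("wallet_address is not a 20-byte hex address")
    if not SIGNATURE_RE.fullmatch(signature):
        raise ValueError("signature is not a 65-byte hex string")
    return {"wallet_address": wallet_address, "signature": signature,
            "challenge": challenge}


if __name__ == "__main__":
    # Constructed sample response; the nonce and timestamps are made up.
    sample = {"challenge": EXPECTED_PREFIX + "a1b2c3d4e5f6",
              "expires_at": "2026-03-18T12:30:00Z"}
    at = datetime(2026, 3, 18, 12, 25, tzinfo=timezone.utc)
    print(eip191_preimage(check_challenge(sample, now=at)))
```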

v1 Privy Auth (Legacy)

bash
POST /swift/v1/auth/privy
Content-Type: application/json

{
  "privy_token": "your-privy-jwt"
}

Returns the same session_token format. Privy auth verifies the JWT against Privy's public keys, finds or creates the user, and mints a backend session.

Session Behavior

  • Sessions are bearer tokens stored in auth_sessions
  • Both v1 and v2 sessions work with both v1 and v2 endpoints
  • Sessions do not expire automatically (logout is explicit)
  • One user can have multiple active sessions (multi-device)