docs / concepts / wallet-auth
Wallet authentication
CIP-30 challenge/response — signatures, not accounts.
Authentication is a CIP-30 signData challenge/response. The issuer hands the wallet a one-time challenge (POST /api/auth/challenge); the wallet returns a COSE_Sign1 envelope; the issuer verifies the signature against the declared stake address.
- No passwords or email — identity is control of a stake key.
- The public subject (
sub) is a salted HMAC pseudonym, not a raw address. - Admin sign-in uses the same primitive with owner keys, plus step-up re-signing for sensitive actions.
Zero custody — signatures are verified, never stored keys. The only private key the service manages is its own issuer signing key, encrypted at rest.
Found an issue in these docs? Edit this page on GitHub ↗