Get Started Here

Authenticating + Pre-work Before Using API

Introduction

🌟 Welcome to the world's first user-owned data sharing protocol! We're excited to announce that the Developer Sandbox is now open to all developers, allowing you to dive in and experiment with our protocol. Access the developer dashboard here: Gateway Website.

Full details regarding the API endpoints can be found here.

A sandbox to play around in can be found here.

📘

Please note: Mainnet remains exclusive and is by invitation only. Interested in getting onboard? Fill out this form to join our waitlist. We look forward to having you with us! 🚀

Playground within the Dashboard

API Key

❗️

In order to use the API, we recommend initializing your GatewayID on the following link.

To use the API outside of the playground in the dashboard, it’s necessary to get an API key and Authentication Token. The API key can be found on the dashboard in the "Developer Access" Section.

📘

For the Mainnet, a unique API key will be provided to you.

Copy the API key into the header of each API request:

Headers
---

{
	"x-api-key": "<the API key you get on the dashboard>"
}

Rate Limit

The rate limit for the public API key is 20 req/sec, except for:

  • PDA issuance
  • Proof creation

If you’re an organization that is looking to get higher usage limits, please contact us on [email protected].

🚧

This API key is subject to standard rate limits. If you've been given special rate limits, your API key will differ.

Authorization Token

The authorization token in the header ensures secure access, verifying the user's identity and permissions before allowing interaction with the API. It's a crucial safeguard against unauthorized access and potential data breaches. There are 2 ways it can be retrieved:

  1. Using the Dashboard
  2. Through the API directly

Option 1: Using Dashboard

To find the Authorization token through the Dashboard, navigate to the "Developer Access" tab.

From here, copy the Authentication Token and paste it underneath the API key, as shown in the following:

Headers
---

{
	"x-api-key": "<f9p_9z3V3WZfv3IT_fnFTSXBxlAmhhz->",
	"Authentication": "Bearer <your token>"
}

Option 2: Token Through API

You can retrieve your Authentication Token by logging in through the API. The steps vary depending on whether you log in through your wallet (Solana or EVM) or by email.

Wallet

Concept: to log in using a wallet, the user generates a message and signs it using their wallet. The output is a token that allows us to authenticate the user and transact on their behalf.

Step 1 - Create a nonce using createWalletNonce

To authenticate using a wallet, first create a nonce, which you will sign in the next step. For that, use the mutation createWalletNonce.

# Pass the wallet address as the $wallet variable.
mutation($wallet: String!) {
  createWalletNonce(input: { wallet: $wallet }) {
    message
  }
}

Step 2 - Sign the message with the wallet

Sign the message with the wallet you specified. Remember to replace \n with new lines (you can use a tool like this to unescape the JSON).

You can use Etherscan to sign the message and get the signature hash, which is needed for the next step.

Alternatively, you can use libraries like Web3.js, Ethers.js or any other programmatic way of signing the message.

Step 3 - Verify the signature and save the token

After you sign, you can now use loginWallet to get the authentication token. Make sure to pass the wallet you used and the signature you got from Etherscan or your chosen signing method.

mutation {
	loginWallet(
		input: {
			signature: "<the signature of the message>",
			wallet: "<the wallet used to sign>"
		}
	) {
		token
	}
}

Success! ✅
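The three wallet steps above as one flow, in an added example that is not Gateway's own code. `send` and `signMessage` are hypothetical injected functions (the transport to the GraphQL endpoint and the wallet signer), and the `String!` type for `signature` is an assumption. Values are passed as GraphQL variables, and the code refuses to sign a message that is still JSON-escaped.

```javascript
// Added example. `send(body, headers)` is a hypothetical transport that POSTs
// to the GraphQL endpoint and resolves to the raw response text;
// `signMessage(text)` is a hypothetical wallet signer (e.g. an Ethers.js signer).
const NONCE_MUTATION = `mutation ($wallet: String!) {
  createWalletNonce(input: { wallet: $wallet }) { message }
}`;
// Assumption: both loginWallet input fields accept String variables.
const LOGIN_MUTATION = `mutation ($wallet: String!, $signature: String!) {
  loginWallet(input: { wallet: $wallet, signature: $signature }) { token }
}`;

// Values travel as GraphQL variables, never spliced into the query text.
function gqlBody(query, variables) {
  return JSON.stringify({ query, variables });
}

// Parse a raw GraphQL response and return data[op][field], or throw.
function extract(rawText, op, field) {
  const res = JSON.parse(rawText); // parsing converts \n escapes to real newlines
  if (res.errors && res.errors.length) throw new Error(res.errors[0].message);
  const value = res.data && res.data[op] && res.data[op][field];
  if (typeof value !== "string" || value === "") throw new Error(`missing ${op}.${field}`);
  return value;
}

// A message that still contains a literal backslash-n was copied from raw JSON;
// signing it produces a signature over different bytes than the server issued.
function assertUnescaped(message) {
  if (/\\[nrt]/.test(message)) throw new Error("message is still JSON-escaped");
  return message;
}

function authHeaders(apiKey, token) {
  if (!apiKey) throw new Error("x-api-key is required");
  const headers = { "content-type": "application/json", "x-api-key": apiKey };
  if (token) headers["Authentication"] = `Bearer ${token}`; // header name as on this page
  return headers;
}

// Steps 1-3: nonce, sign, login. Resolves to headers for authenticated calls.
async function walletLogin({ wallet, apiKey, send, signMessage }) {
  const headers = authHeaders(apiKey);
  const nonceRaw = await send(gqlBody(NONCE_MUTATION, { wallet }), headers);
  const message = assertUnescaped(extract(nonceRaw, "createWalletNonce", "message"));
  const signature = await signMessage(message);
  const loginRaw = await send(gqlBody(LOGIN_MUTATION, { wallet, signature }), headers);
  return authHeaders(apiKey, extract(loginRaw, "loginWallet", "token"));
}
```

Keep the returned headers in memory or a secret store rather than in logs, since the token grants account access until it expires.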

Email

Concept: to log in using an email, the user receives a verification code that they need to validate to get the authentication token.

Step 1 - Create a verification code using createEmailNonce

To log in using an email, you need to generate a verification code that will be sent to your email for confirmation purposes. To do that, use the mutation createEmailNonce.

mutation {
	createEmailNonce(input: { email: "<your email>" }) {
		code
	}
}

Step 2 - Get the code on your email

After you generate the code, you should have received an email containing the following contents:

Make sure to copy the code for the next step. The code expires in 30 minutes.

Step 3 - Verify the code and save the token

After you receive the code, you can now use loginEmail to get the authentication token. Make sure to pass the email you used and the verification code you received in your inbox.

mutation {
	loginEmail(input: { email: "<email>", code: "<code>" }) {
		token
	}
}

Success! ✅

Next Steps

With the token generated, you can now use it to make authenticated calls to the API. Similar to the API key, we’ll need to pass the authentication token as a request header every time we want to call the API, in the following format:

Headers
---

{
	"x-api-key": "<the API key you get on the dashboard>",
	"Authentication": "Bearer <your token>"
}

After that, you can start making calls to the API - you’ll be able to consume and issue PDAs, requests, proofs and more.

Navigate to the Start Issuing Section or Start Verifying for more info.

Callouts

  • Do not share your authentication token with people you don’t trust. Anyone who holds it gains control over your account and will be able to manage PDAs (and more) with it, until it expires.
    • Similarly, if someone asks for it or claims to be a Gateway team member, do not share it.
  • Make sure when conducting actions from an organization's perspective, you pass in the following lines as part of the mutation:
organization: {
  type: GATEWAY_ID,
  value: "#GATEWAYID OF ORG"
}