Verify a User's Wallet
You will need to obtain an access token before you can verify a user’s wallet . Do this either via the Bitski JS SDK or via a custom redirect flow.
Using the Bitski JS SDK
Once your user signs in with Bitski, simply call
bitski.getCurrentAccessToken()
to get the access token of the current user.
You can then send that access token to your backend.
Using OAuth2/OpenID Connect
If your app does not use the Bitski JS SDK, and you want to authenticate a user, you will need to:
- Configure your backend for OAuth integration.
- Get an access token for the current user.
- Use that access token to make API calls.
Configuring your backend will be different based on the web framework you use. Here is an example using Ruby on Rails:
Once you have your access token, you can make JSON RPC calls. For user wallets you will not be able to sign on behalf of the user, but you can request their accounts. All API calls need the x-api-key header. Any calls that require user authentication need an access token based on bearer authentication. For example:
Verifying Accounts
Once you have an access token, you can get a Bitski-verified list of accounts for any user:
Verifying User Information
You can retrieve details about the current logged-in user using the standard OpenID Connect UserInfo endpoint. This might be part of your OAuth framework. If it isn’t, you can make the request manually:
This will return json with, at the very least, a unique subject:
It will also contain the user’s email address if you requested it and the user accepted the request.
Offline Access
You can also request offline access. This will let you make calls on behalf of
the user even if they close their browser tab. Consult the documentation on your
oauth framework for instructions on how to obtain a refresh token and how to
exchange it for an access token. If you are using the
Bitski JS SDK you can get a refresh
token with bitski.getCurrentRefreshToken()
. However, you will still need to
use your provider’s method of exchanging it for an access token.