API Request Setup

To interact with the Passport Protocol API there are two types of requests: "Unauthenticated" requests, which do not require an authenticated user account, and "Authenticated" requests, which do require an authenticated user account. The following explains how the request headers for each request type work and the reasoning behind them; you can skip to Unauthenticated Requests or Authenticated Requests to see how these headers are set up.

Unauthenticated Requests

RPC request methods such as

  • initiateRegistration

  • completeRegistration

  • initiateAuthentication

  • completeAuthentication

  • delegateRegistration

  • executeLambda (* depends on the lambda authorization type)

These request methods are "unauthenticated" and require you to send the two following request headers, x-scope-id and x-encrypted-key.

Scope

Header: X-Scope-Id
Description: Identifies the application's scope under which the user's account is being registered or authenticated. It contextualizes the request to a specific domain, enabling the correct policy and procedure.

End to End Encryption

Header: X-Encrypted-Key
Description: Carries an encrypted version of the AES key so that the server can securely process the request, especially for operations requiring encryption or decryption of user data. The AES key is random and generated locally on your device. It is then encrypted using the public enclave RSA key. You can find this key in any of the SDK examples.

User Identifier

Header: X-Encrypted-User
Description: Carries an encrypted version of the user details so that the server can securely process the request. This is encrypted using the AES key generated above. Here is a sample of the user details:

{
    username: "john_doe",
    userDisplayName: "john_doe_crypto",
}

Authenticated Requests

Authentication headers are essential for maintaining session integrity, authenticating user actions, and ensuring secure interactions. These apply to the following endpoints:

  • eth_signTransaction

  • personal_sign

  • createLambda

  • listLambda

  • executeLambda (* depends on the lambda authorization type)

Authentication

Any authenticated request must contain one of the following 3 headers:

Header: X-Encrypted-Session
Description: This is obtained when you authenticate with the endpoint. It is used by the enclave to verify your requests.

Header: X-Encrypted-WebAuthn-Signature
Description: This is obtained by directly signing the user object using your passkeys.

Header: X-Encrypted-Key-Signature
Description: This is obtained by directly signing the user object using your DOA key.

End to End Encryption

Header: X-Encrypted-Key
Description: Carries an encrypted version of the AES key so that the server can securely process the request, especially for operations requiring encryption or decryption of user data. The AES key is random and generated locally on your device. It is then encrypted using the public enclave RSA key. You can find this key in any of the SDK examples.

User Identifier

Header: X-Encrypted-User
Description: Carries an encrypted version of the user details so that the server can securely process the request. This is encrypted using the AES key generated above. Here is a sample of the user details:

{
    username: "john_doe",
    userDisplayName: "john_doe_crypto",
}

Scope

Header: X-Scope-Id
Description: Identifies the application's scope under which the user's account is being registered or authenticated. It contextualizes the request to a specific domain, enabling the correct policy and procedure.