# Authenticate with JWT > For the complete documentation index, see [llms.txt](/docs/llms.txt). POST https://api.g.alchemy.com/signer/v1/auth-jwt Authenticates a user using a JSON Web Token (JWT) for secure access to their Smart Wallet functionalities. This endpoint validates the provided JWT token and can be used for authenticating an existing user or to pregenerate a wallet. Reference: https://www.alchemy.com/docs/wallets/api-reference/signer/signer-api-endpoints/auth-jwt ## Headers | Name | Type | Required | Description | |------|------|----------|-------------| | Authorization | string | Yes | Bearer token authentication. Use 'Bearer ' as the value. | ## Code Examples ### cURL ```bash curl --request POST \ --url https://api.g.alchemy.com/signer/v1/auth-jwt \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{ "jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6Im15LWtl...", "targetPublicKey": "string", "expirationSeconds": "string" }' ``` ### JavaScript ```javascript const options = { method: 'POST', headers: {'Content-Type': 'application/json', Authorization: 'Bearer '}, body: JSON.stringify({ jwt: 'eyJhbGciOiJSUzI1NiIsImtpZCI6Im15LWtl...', targetPublicKey: 'string', expirationSeconds: 'string' }) }; fetch('https://api.g.alchemy.com/signer/v1/auth-jwt', options) .then(res => res.json()) .then(res => console.log(res)) .catch(err => console.error(err)); ``` ### Python ```python import requests url = "https://api.g.alchemy.com/signer/v1/auth-jwt" payload = { "jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6Im15LWtl...", "targetPublicKey": "string", "expirationSeconds": "string" } headers = { "Content-Type": "application/json", "Authorization": "Bearer " } response = requests.post(url, json=payload, headers=headers) print(response.text) ``` ### Go ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://api.g.alchemy.com/signer/v1/auth-jwt" payload := strings.NewReader("{\n \"jwt\": \"eyJhbGciOiJSUzI1NiIsImtpZCI6Im15LWtl...\",\n \"targetPublicKey\": \"string\",\n \"expirationSeconds\": \"string\"\n}") req, _ := http.NewRequest("POST", url, payload) req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer ") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(string(body)) } ``` ### Java ```java HttpResponse response = Unirest.post("https://api.g.alchemy.com/signer/v1/auth-jwt") .header("Content-Type", "application/json") .header("Authorization", "Bearer ") .body("{\n \"jwt\": \"eyJhbGciOiJSUzI1NiIsImtpZCI6Im15LWtl...\",\n \"targetPublicKey\": \"string\",\n \"expirationSeconds\": \"string\"\n}") .asString(); ``` ### C# ```csharp using RestSharp; var options = new RestClientOptions("https://api.g.alchemy.com/signer/v1/auth-jwt"); var client = new RestClient(options); var request = new RestRequest(""); request.AddHeader("Authorization", "Bearer "); request.AddJsonBody("{\n \"jwt\": \"eyJhbGciOiJSUzI1NiIsImtpZCI6Im15LWtl...\",\n \"targetPublicKey\": \"string\",\n \"expirationSeconds\": \"string\"\n}", false); var response = await client.PostAsync(request); Console.WriteLine("{0}", response.Content); ``` ## Operation Specification ```yaml path: /auth-jwt method: POST operation: summary: Authenticate with JWT description: | Authenticates a user using a JSON Web Token (JWT) for secure access to their Smart Wallet functionalities. This endpoint validates the provided JWT token and can be used for authenticating an existing user or to pregenerate a wallet. security: - apiKey: [] x-readme: samples-languages: - javascript - curl - python - go requestBody: content: application/json: schema: type: object properties: jwt: type: string description: | The JSON Web Token (JWT) used for authentication. The JWT must be a valid OIDC ID Token containing the required claims for user identification and authentication. **Required OIDC Claims:** - `iss` (Issuer): The identity of the OIDC provider. Should be the same as issuer URL specified in your /.well-known/openid-configuration, for example see the [Google OpenID configuration](https://accounts.google.com/.well-known/openid-configuration) - `sub` (Subject): A unique identifier that identifies the user with this auth provider. - `aud` (Audience): A unique identifier for the project that can be found on the [Alchemy Dashboard](https://dashboard.alchemy.com/apps/latest/services/smart-wallets). - `exp` (Expiration): Token expiration time as Unix timestamp - `iat` (Issued At): Token issuance time as Unix timestamp - `nonce` (Nonce): toHex(sha256(targetPublicKey)) without the leading 0x **Example JWT Payload:** ```json { "iss": "https://accounts.google.com", "sub": "1234567890abcdef", "aud": "project_id", "exp": 1640995200, "iat": 1640991600, "nonce": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", } ``` example: eyJhbGciOiJSUzI1NiIsImtpZCI6Im15LWtl... targetPublicKey: description: Required for authentication. Optional for pregeneration. type: string expirationSeconds: type: string description: | Specifies the duration of the login session in seconds. After this period, the user has to re-login to refresh their session. The default value is 900 seconds (15 minutes). required: - jwt responses: '200': description: JWT authentication successful. User is now authenticated or wallet has been pregenerated. content: application/json: schema: type: object properties: isSignup: type: boolean description: If true, indicates a new wallet was created. default: false orgId: description: The organization ID associated with the authenticated user and the application. type: string credentialBundle: type: string description: An encrypted API key credential bundle that shall be used for subsequent authenticated requests. This bundle contains the authentication credentials encrypted with the provided targetPublicKey and can be decrypted client-side for stamping requests. A credential bundle will be returned when this endpoint is being used for authentication and would require a targetPublicKey in the request params userId: type: string description: A unique identifier for the authenticated user. address: type: string description: The Ethereum address of the user's signer, available after successful authentication. solanaAddress: type: string description: The Solana address of the user's signer, available after successful authentication. required: - orgId - isSignUp '400': description: Invalid JWT token or authentication failed. content: application/json: schema: type: object properties: error: type: string description: Error message describing why the JWT authentication failed. code: type: string description: Error code for programmatic handling of the error. details: type: object description: Additional details about the authentication failure, such as expired token, invalid signature, or missing claims. additionalProperties: type: string '401': description: Unauthorized - JWT token is invalid, expired, or malformed. content: application/json: schema: type: object properties: error: type: string description: Error message indicating the JWT token is not valid for authentication. tokenError: type: string description: Specific details about why the JWT token was rejected. '429': description: Too many authentication attempts. Please wait before trying again. content: application/json: schema: type: object properties: error: type: string description: Error message indicating rate limiting is in effect. retryAfter: type: integer description: Number of seconds to wait before making another authentication attempt. operationId: authJwt ```