Please review the Authentication section for details on using your API keys.

NFT Verification

Before starting verification, we typically want to show some kind of modal or introduction window, which requires metadata about the contract. We provide an endpoint to fetch the collection name, social links and images for this purpose.
Get contract metadata
Before starting verification, the user must connect their wallet. This is handled by client-side code, usually with the API or SDK for the users wallet (e.g Metamask or Phantom).
In order to make sure that users own the address their wallet claims, it needs to be verified. This is done by generating a single-use message (a 'nonce'), which must be signed. Once the users wallet is connected, fetch their address and make a request to the below endpoint to get a new nonce.
Get a new nonce
Pass the returned nonce to the the users wallet for signing. Once the nonce has been successfully signed, we send the signature to the API for verification, along with the original nonce.
Verify the signature
This endpoint returns an SHA256 HMAC in the format expiration:SHA256("sk_YOUR_SECRET_KEY" + expiration + ":" + address), where expiration is a UNIX timestamp in seconds.
We use an expiring HMAC by default, however if you're generating a HMAC on your backend you can also generate an eternal version by omitting the expiration and colon, though this is not recommended.
This HMAC can be saved by your client implementation for future use, allowing users to skip the wallet connection and signature on subsequent visits, until the HMAC has expired.
Once you have a HMAC, either from this request or a previous request, you can continue to the actual verification request.
This step is technically optional as the API won't throw an error if a HMAC is not provided. However, result.wallet.verified will be false in verification results, and we do not recommend it unless using on the backend with previously verified addresses.
Unlockables require address verification by default (though this can also be disabled), so requests without a HMAC won't be able to access them.
Verify NFT ownership
Yay, you've completed verification!
The response from this endpoint will include the verification result summary (whether they own at least one token, their address etc), along with the full list of tokens from the provided collection with any off-chain metadata.

Managing unlockables

You can use the API to create and manage unlockables.
List unlockables
Create a new unlockable
Get an unlockable by ID
Update an unlockable
Delete an unlockable

Fetch unlockable content

You may wish to manually create a signed URL to access unlockable content. You can construct this URL on your backend, by creating a JWT as below, and signing it with your app secret key. The below example uses the jsonwebtoken package, however can be adapted to any JWT library:
import jwt from "jsonwebtoken"
const appId = "YOUR_APP_ID"
const secretKey = "sk_YOUR_SECRET_KEY"
const unlockableId = "d85c8682-6179-4e20-9e00-25507e07b7c6"
const token = jwt.sign(
id: unlockableId,
// Optionally you can also include an `attemptId` to tie this download
// to a verification attempt. This should be the ID returned by /verify/nft.
// attemptId: "85bcc566-56e1-41f9-af8f-f77c060e7b97"
{ algorithm: "HS256", expiresIn: "24h" }
const url = `${token}&appId=${appId}`
This endpoint does not support Webhook unlockables
Get unlockable content