Authentication Configuration

By default the Wallet API v2 runs without authentication — every wallet is accessible without a token. The auth optional feature is intended to require email/password login and enforce that an account only accesses its own wallets, configured in auth.conf.

The auth feature is not functional in the current release. Enabling it prevents the service from starting. The configuration and endpoints below are documented for reference and for when the feature is completed. Leave it out of _features.conf (the default).

File Location

waltid-services/waltid-wallet-api2/config/auth.conf

Configuration Options

PropertyTypeRequiredDefaultDescription
jwtSecretStringYesThe secret for signing session tokens.
tokenExpirySecondsLongNo86400Session token lifetime in seconds.
# auth.conf
jwtSecret = "change-me-in-production"
tokenExpirySeconds = 86400

Always use a strong, randomly generated jwtSecret in production, and never commit it to version control.


Authentication Endpoints

When auth is enabled, the following endpoints are available. After logging in, pass the returned token as Authorization: Bearer {token} on every wallet request.

EndpointMethodDescription
/auth/registerPOSTRegister a new account
/auth/emailpassPOSTLog in with email + password
/auth/logoutPOSTInvalidate the current token
/auth/accountGETGet the authenticated account (id, email, wallet IDs)
/auth/account/walletsGETList wallets owned by the account
/auth/account/wallets/{walletId}POSTLink a wallet to the account

Register

CURL

Endpoint: POST /auth/register

Example Request
curl -X POST http://localhost:7005/auth/register \
  -H 'Content-Type: application/json' \
  -d '{ "email": "user@example.com", "password": "secret123" }'

Body Parameters

  • email: String (required) - The account email.
  • password: String (required) - The account password.

Example Response
{ "accountId": "b2c3d4e5-..." }

Log In

CURL

Endpoint: POST /auth/emailpass

Example Request
curl -X POST http://localhost:7005/auth/emailpass \
  -H 'Content-Type: application/json' \
  -d '{ "email": "user@example.com", "password": "secret123" }'

Body Parameters

  • email: String (required) - The account email.
  • password: String (required) - The account password.

Example Response

The response is a session object containing the bearer token. Use the token on subsequent requests:

curl http://localhost:7005/wallet \
  -H 'Authorization: Bearer {token}'

New wallets created while authenticated are automatically linked to your account, so GET /wallet and GET /auth/account/wallets return only your own wallets.

Last updated on July 13, 2026