Authentication Configuration
By default the Wallet API v2 runs without authentication — every wallet is accessible without a token. The auth optional feature is intended to require email/password login and enforce that an account only accesses its own wallets, configured in auth.conf.
The auth feature is not functional in the current release. Enabling it prevents the service from starting. The configuration and endpoints below are documented for reference and for when the feature is completed. Leave it out of _features.conf (the default).
File Location
waltid-services/waltid-wallet-api2/config/auth.conf
Configuration Options
| Property | Type | Required | Default | Description |
|---|---|---|---|---|
jwtSecret | String | Yes | – | The secret for signing session tokens. |
tokenExpirySeconds | Long | No | 86400 | Session token lifetime in seconds. |
# auth.conf
jwtSecret = "change-me-in-production"
tokenExpirySeconds = 86400
Always use a strong, randomly generated jwtSecret in production, and never commit it to version control.
Authentication Endpoints
When auth is enabled, the following endpoints are available. After logging in, pass the returned token as Authorization: Bearer {token} on every wallet request.
| Endpoint | Method | Description |
|---|---|---|
/auth/register | POST | Register a new account |
/auth/emailpass | POST | Log in with email + password |
/auth/logout | POST | Invalidate the current token |
/auth/account | GET | Get the authenticated account (id, email, wallet IDs) |
/auth/account/wallets | GET | List wallets owned by the account |
/auth/account/wallets/{walletId} | POST | Link a wallet to the account |
Register
Endpoint: POST /auth/register
Example Request
curl -X POST http://localhost:7005/auth/register \
-H 'Content-Type: application/json' \
-d '{ "email": "user@example.com", "password": "secret123" }'
Body Parameters
- email: String (required) - The account email.
- password: String (required) - The account password.
Example Response
{ "accountId": "b2c3d4e5-..." }
Log In
Endpoint: POST /auth/emailpass
Example Request
curl -X POST http://localhost:7005/auth/emailpass \
-H 'Content-Type: application/json' \
-d '{ "email": "user@example.com", "password": "secret123" }'
Body Parameters
- email: String (required) - The account email.
- password: String (required) - The account password.
Example Response
The response is a session object containing the bearer token. Use the token on subsequent requests:
curl http://localhost:7005/wallet \
-H 'Authorization: Bearer {token}'
New wallets created while authenticated are automatically linked to your account, so GET /wallet and GET /auth/account/wallets return only your own wallets.
