Prerequisites

Before implementing authentication, ensure you have:

  • App Registration: Your app must be registered with Dialect (registration guide)
  • Client Key: Your Dialect client key (format: dk_...)

Authentication Overview

Dialect uses a two-part authentication system for inbox integration:

  1. Client Key (X-Dialect-Client-Key): Identifies your application
  2. JWT Token (Authorization: Bearer): Authenticates the user via wallet signature

The authentication flow involves:

  1. Prepare: Generate a message/transaction for the user to sign
  2. Sign: User signs with their wallet
  3. Verify: Exchange the signature for a JWT token
  4. Use: Include the JWT token in subsequent API calls

Flow diagram

Code examples

Step 1: Prepare Authentication

Request a message for the user to sign:

const prepareResponse = await fetch('https://alerts-api.dial.to/v2/auth/solana/prepare', {
  method: 'POST',
  headers: {
    'X-Dialect-Client-Key': 'YOUR_CLIENT_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    walletAddress: 'USER_WALLET_ADDRESS'
  })
});

const { message } = await prepareResponse.json();
// Returns: { message: "Sign this message to authenticate. Nonce: 1638471298347" }

Step 2: Sign Message

Have the user sign the message with their wallet:

// Using @solana/wallet-adapter
import { useWallet } from '@solana/wallet-adapter-react';

const { signMessage, publicKey } = useWallet();

const encodedMessage = new TextEncoder().encode(message);
const signature = await signMessage(encodedMessage);
const signatureBase58 = bs58.encode(signature);

Step 3: Verify & Get JWT

Exchange the signature for a JWT token:

const verifyResponse = await fetch('https://alerts-api.dial.to/v2/auth/solana/verify', {
  method: 'POST',
  headers: {
    'X-Dialect-Client-Key': 'YOUR_CLIENT_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    message: message,
    signature: signatureBase58
  })
});

const { token } = await verifyResponse.json();
// Store this JWT token for subsequent API calls

Making Authenticated Requests

You’ve setup the authentication flow. From now on, you can send requests to the API. Include both headers in all subsequent API calls:

const response = await fetch('https://alerts-api.dial.to/v2/history', {
  headers: {
    'Authorization': `Bearer ${jwtToken}`,
    'X-Dialect-Client-Key': 'YOUR_CLIENT_KEY'
  }
});