Access Token Verification

Verify that a user owns an Andamio Access Token using cryptographic proof

Verify that a user's wallet holds an Andamio Access Token without requiring them to connect their wallet to your app. This enables third-party integrations to confirm Andamio identity.

Use Case

You're building an app that needs to verify a user has an Andamio identity — but you don't want to implement wallet connection yourself. Instead, the user proves ownership through a challenge/response flow, and you receive a short-lived Attestation JWT you can verify offline.

How It Works

The verification flow has two steps:

1. Start a Verification Session

curl -X POST https://preprod.api.andamio.io/api/v2/verify/session \
  -H "X-API-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"alias": "user-alias"}'

The API returns a challenge that the user must sign with their wallet.

2. Complete Verification

The user signs the challenge, and you submit the signature:

curl -X POST https://preprod.api.andamio.io/api/v2/verify/complete \
  -H "X-API-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "from-step-1",
    "signature": "signed-challenge",
    "key": "public-key"
  }'

On success, you receive an Attestation JWT — an RS256-signed token (approximately 10 minute lifetime) that proves the user owns the specified Access Token.

Attestation JWT

The Attestation JWT can be verified offline using the API's public key. This is different from the User JWT (which is HS256 and used for API requests):

| Property | User JWT | Attestation JWT |
| --- | --- | --- |
| Purpose | Authorize API requests | Prove identity to third parties |
| Algorithm | HS256 | RS256 |
| Lifetime | ~24 hours | ~10 minutes |
| Verification | Requires shared secret | Public key (offline) |
| Header | Authorization: Bearer | Not sent to Andamio API |
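
One way to perform the offline check described above, as an added example that is not Andamio's own code: it pins the algorithm to RS256 so a token signed with HS256 (the User JWT algorithm) is rejected, then checks the signature and the expiry. The locally generated key pair, the `sub` claim and the presence of a standard `exp` claim are assumptions; in practice the PEM would be the API's public key.

```javascript
// Added example: offline check of an RS256 Attestation JWT with Node's built-in crypto.
const crypto = require('node:crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns the payload of a valid, unexpired RS256 JWT; throws otherwise.
function verifyAttestation(token, publicKeyPem, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm instead of trusting the header to choose it.
  // HS256 and "none" are refused before any key material is used.
  if (b64urlJson(h).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    publicKeyPem, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = b64urlJson(p);
  // Assumption: the token carries the standard `exp` claim (RFC 7519).
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired');
  return payload;
}

// --- Constructed fixtures: a local key pair stands in for the API's key ---
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const PUBLIC_PEM = publicKey.export({ type: 'spki', format: 'pem' });
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');

function makeToken(header, payload, sign) {
  const input = `${enc(header)}.${enc(payload)}`;
  return `${input}.${sign(input).toString('base64url')}`;
}
const rs256 = (input) => crypto.sign('sha256', Buffer.from(input), privateKey);
const hs256 = (input) =>
  crypto.createHmac('sha256', 'constructed-secret').update(input).digest();

const NOW = 1700000000; // fixed clock so the results are reproducible
const claims = { sub: 'user-alias', exp: NOW + 600 }; // constructed claims
const GOOD = makeToken({ alg: 'RS256', typ: 'JWT' }, claims, rs256);
const WRONG_ALG = makeToken({ alg: 'HS256', typ: 'JWT' }, claims, hs256);
const STALE = makeToken({ alg: 'RS256', typ: 'JWT' }, { ...claims, exp: NOW - 1 }, rs256);

// Returns 'ok' or the rejection reason for a token.
function check(token) {
  try { verifyAttestation(token, PUBLIC_PEM, NOW); return 'ok'; }
  catch (e) { return e.message; }
}

console.log(check(GOOD), '|', check(WRONG_ALG), '|', check(STALE));
```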

When to Use This vs Regular Auth

| Scenario | Use |
| --- | --- |
| Your app calls Andamio API endpoints | Wallet Authentication — get a User JWT |
| Your app needs to confirm a user's Andamio identity without API calls | Access Token Verification — get an Attestation JWT |
| Your backend verifies Andamio credentials before granting access | Access Token Verification |

Endpoints

| Method | Endpoint | Auth Required | Description |
| --- | --- | --- | --- |
| POST | /v2/verify/session | API Key | Start verification challenge |
| POST | /v2/verify/complete | API Key | Complete verification, receive Attestation JWT |
