APIs
Simple REST endpoints for authentication, signing, and account management.
OAuth + PKCE (http/json)
POST /oauth/init
{ "provider": "google", "redirect_uri": "https://yourapp.example/callback", "state": "random-uuid", "code_challenge": "base64url_sha256(code_verifier)" }Login (Google)
{ "type": "GoogleOAuth", "data": { "state": "<wallet_oauth_state>", "code": "<wallet_oauth_code>", "code_verifier": "<code_verifier>" } }Small print: Sessions are cookie-based (Secure, HttpOnly). Frontends must use credentials: 'include'.