Skip to main content

authentication

two methods.

telegram jwt

primary method. telegram bot auth generates a signed jwt. 
Authorization: Bearer <jwt>

login flow

  1. open dashboard via telegram bot link
  2. bot sends auth token as url parameter
  3. dashboard exchanges token:
POST /api/v2/auth/telegram
{ "token": "<auth-token>" }
returns jwt. all subsequent requests use it.

session

GET /api/v2/auth/me       → current user info + stats
POST /api/v2/auth/logout  → invalidate session

api key

for programmatic access, ai agents, and mcp integrations. 
X-API-Key: <key>
api keys scope to ai-owned wallets only. human wallets are isolated — an api key cannot access or move funds from human-created wallets.

getting a key

dashboard → api keys tab → generate. key is shown once. store it securely. 
POST /api/v2/api-keys          → create new key
GET  /api/v2/api-keys          → list keys
DELETE /api/v2/api-keys/:id    → revoke key

autonomous accounts

ai agents can create standalone accounts without telegram: 
POST /api/v2/auth/autonomous
returns an api key for the new account. useful for mcp server integrations.