Third-Party Integration Guide
Authenticate users, manage profiles, and store conversations using the FractalAI blockchain. No Firebase, no OAuth -- just post-quantum cryptographic signatures and JSON-RPC.
Wallet-Native Authentication
FractalAI uses wallet-native authentication -- no Firebase, no OAuth, no third-party identity providers. Your Dilithium2 keypair is your identity. Third-party applications authenticate users through a cryptographic challenge-response flow that runs entirely on the FractalAI blockchain node.
Dilithium2 Signatures
NIST-standard post-quantum challenge-response. Resistant to both classical and quantum attacks.
Zero Cost
Authentication is handled by the node at no gas cost. No on-chain transactions required to sign in.
Zero External Deps
No Firebase, Auth0, Cognito, or OAuth. The blockchain node is the only infrastructure you need.
Architecture
Third-Party App         FractalAI Node               User Wallet
──────────────          ──────────────               ───────────
│                              │                          │
│  1. POST fractal_auth_challenge(address)                │
│─────────────────────────────>│                          │
│  { challengeId, bytes }      │                          │
│<─────────────────────────────│                          │
│                              │                          │
│  2. Forward challenge bytes ──────────────────────────> │
│                              │            Sign with     │
│                              │            Dilithium2 SK │
│  3. Receive signature <──────────────────────────────── │
│                              │                          │
│  4. POST fractal_auth_verify(challengeId, sig, pk)      │
│─────────────────────────────>│                          │
│  { sessionId, address }      │                          │
│<─────────────────────────────│                          │
│                              │                          │
│  5. Use sessionId for        │                          │
│     subsequent API calls     │                          │
└──────────────────────────────┘                          │
How It Works
Request Challenge
Your app sends the user's wallet address to fractal_auth_challenge. The node returns a unique challenge ID and random bytes with a 5-minute expiry.
User Signs Challenge
The user signs the challenge bytes with their Dilithium2 private key (in the browser via WASM or in a native wallet).
Verify Signature
Your app sends the signature and public key to fractal_auth_verify. The node verifies the Dilithium2 signature on-chain and returns a session token.
Session Established
The session token can be used to call authenticated endpoints (profile, conversations, messages) for up to 24 hours.
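The five steps above from the integrating app's side, as an added example that is not FractalAI's own code: it rejects error replies and mismatched reply ids, enforces the 5-minute challenge window locally, and refuses a session whose address differs from the one requested. Positional params, hex encoding of the challenge bytes, signature and public key, and the names `transport`, `sign` and `StubNode` are assumptions; the real wire format comes from the node's API reference.

```python
import itertools
import time

CHALLENGE_TTL = 5 * 60       # page: challenge expires after 5 minutes
SESSION_TTL = 24 * 60 * 60   # page: session usable for up to 24 hours
_ids = itertools.count(1)

class AuthError(Exception):
    pass

def call(transport, method, params):
    """Send one JSON-RPC 2.0 call; reject error replies and mismatched ids."""
    req = {"jsonrpc": "2.0", "id": next(_ids), "method": method, "params": params}
    resp = transport(req)
    if resp.get("id") != req["id"]:
        raise AuthError("response id does not match request id")
    if "error" in resp:
        raise AuthError(f"node error: {resp['error']}")
    return resp["result"]

def login(address, transport, sign, public_key, now=time.time):
    """Steps 1-5. transport(request) -> response and sign(bytes) -> bytes are
    hypothetical callables the app supplies (HTTP client, wallet bridge)."""
    issued = now()
    ch = call(transport, "fractal_auth_challenge", [address])
    signature = sign(bytes.fromhex(ch["bytes"]))       # hex encoding is assumed
    sent = now()
    if sent - issued > CHALLENGE_TTL:
        raise AuthError("challenge expired while waiting for the wallet")
    s = call(transport, "fractal_auth_verify",
             [ch["challengeId"], signature.hex(), public_key.hex()])
    if s["address"] != address:   # bind the session to the account we asked about
        raise AuthError("session was issued for a different address")
    return {"sessionId": s["sessionId"], "address": s["address"],
            "expires_at": sent + SESSION_TTL}          # conservative local deadline

class StubNode:
    """Constructed stand-in for the node so the flow runs offline (verifies nothing)."""
    def __init__(self, session_address=None):
        self.session_address = session_address
    def __call__(self, req):
        if req["method"] == "fractal_auth_challenge":
            self.address = req["params"][0]
            result = {"challengeId": "c-1", "bytes": "00ff" * 16}
        else:
            result = {"sessionId": "s-1", "address": self.session_address or self.address}
        return {"jsonrpc": "2.0", "id": req["id"], "result": result}
```

Store `expires_at` with the session and request a fresh challenge once it passes, rather than waiting for an authenticated call to fail.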