Getting Started Guide

LiquidAuth Getting Started

LiquidAuth allows authentication of offchain APIs and services using EOSIO permissions and contract.

Essentially what's going on in the background is this:

  1. Contract stakes to LiquidAuth service

  2. Auth client used to create a signed message using the contract's private key that can sign for authentikeos:xauthusage

  3. This unbroadcasted trx is sent to the DSP who runs the trx to ensure that the permission is indeed correct

  4. If the correct signature has signed, DSP fulfills request, say for example authenticating a LiquidStorage get uri api call.


An example of this is using the LiquidStorage service. Under the hood LiquidAuth is used to collect and create the offline signature used to authenticate against the LiquidStorage APIs. This signature must not have expired, it must be signed by the account that has staked for the services, and the payload signed is verified against the signature to ensure what is being requested is what was included in the signed message.

The private key associated with calling this method authentikeos:xauthusage can be link auth'd to a separate permission level, say call it API which is under the active permission level. By doing this, the active key no longer needs to be exposed when signing the authentication message.


This box contains the LiquidLink example smart contract, DAPP Service Provider node logic, unit tests, dapp-client source code and examples.

mkdir auth-dapp-service; cd auth-dapp-service
# npm install -g @liquidapps/zeus-cmd
zeus box create
zeus unbox auth-dapp-service
zeus test -c

Last updated