Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mag3nt.com/llms.txt

Use this file to discover all available pages before exploring further.

Authentication methods

mag3nt supports two authentication methods:
MethodUse caseHeader format
API KeyServer-side / agentsAuthorization: Bearer sx_live_...
Wallet SessionBrowser / SIWE flowAuthorization: Bearer <session_token>
API keys are the primary auth method for server-side code and autonomous agents.

Generate a key

const key = await mag3nt.keys.keysCreate();
console.log(key.apiKey);
// sx_live_a1b2c3d4e5f6g7h8...
// ⚠️ Store this securely — it cannot be retrieved again

Use with the SDK

const mag3nt = new Mag3nt({
  serverURL: "https://mag3nt.com",
  security: {
    bearerAuth: process.env.MAG3NT_API_KEY,
  },
});

Manage keys

// List all keys
const keys = await mag3nt.keys.keysList();

// Revoke a compromised key immediately
await mag3nt.keys.keysRevoke(keyHash);

// Validate a key is still active
const check = await mag3nt.keys.keysValidate();
console.log(check.valid); // true

Wallet Sessions (SIWE)

For browser-based apps, use Sign-In with Ethereum (SIWE): 
// 1. Request challenge
const challenge = await mag3nt.auth.authChallenge({
  walletAddress: "0x...",
  chain: "eip155",
});

// 2. Sign the message with user's wallet
const signature = await wallet.signMessage(challenge.message);

// 3. Verify and get session token
const session = await mag3nt.auth.authVerify({
  walletAddress: "0x...",
  nonce: challenge.nonce,
  signature: signature,
});

// 4. Use the session token
console.log(session.token); // Use as Bearer token

Security best practices

Never expose API keys in client-side code. API keys grant full access to your treasury balance. Use them only in server-side code or secure agent environments.
  • Rotate keys regularly — generate new keys and revoke old ones
  • Use environment variables — never hardcode keys in source code
  • One key per agent — if an agent is compromised, revoke only its key
  • Monitor transactions — use cardsListTransactions to audit card activity

Public endpoints

Some endpoints don’t require authentication:
EndpointDescription
statusGetPlatform health and protocol manifest
statusGetConfigTreasury addresses and token registry
fundingListTokensSupported tokens per network
payLinksGetPublic pay link details
payLinksResolveResolve a pay link for payment
payLinksPreparePrepare payment for a pay link
payLinksSettleSubmit on-chain payment proof
x402Discoverx402 payment requirements
mppDiscoverMPP capabilities