$yieldfabric-ai>

Authentication

Complete guide to login, JWT tokens, and delegation for group operations

01

Login with Services

Authenticate with YieldFabric and request access to specific services:

curl -X POST https://auth.yieldfabric.com/auth/login/with-services \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your-password",
    "services": ["vault", "payments"]
  }'

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "refresh_token_here",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "user@example.com",
    "role": "User",
    "account_address": "0x1234..."
  }
}

Save your token:

export TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
02

Delegate Authentication

Create a delegation JWT to perform operations on behalf of a group account:

curl -X POST https://auth.yieldfabric.com/auth/delegation/jwt \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "group_id": "550e8400-e29b-41d4-a716-446655440000",
    "delegation_scope": ["read", "write", "manage"],
    "expiry_seconds": 3600
  }'

Response includes:

  • delegation_jwt - Token for group operations
  • delegation_scope - Permitted operations
  • expiry_seconds - Token lifetime
  • group_id - Group identifier
03

Manage Delegation Tokens

List Active Tokens

curl -X GET https://auth.yieldfabric.com/auth/delegation-tokens \
  -H "Authorization: Bearer $TOKEN"

Revoke a Token

curl -X DELETE https://auth.yieldfabric.com/auth/delegation-tokens/{token_id} \
  -H "Authorization: Bearer $TOKEN"
04

Using Delegation Tokens

For Group Operations

Use delegation token to perform crypto operations on behalf of the group

For Balance Queries

Query group balances using the delegation token

Example: Group Payment

curl -X POST https://pay.yieldfabric.com/graphql \
  -H "Authorization: Bearer $DELEGATION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation { instant(input: { assetId: \"aud-token-asset\", amount: \"100\", destinationId: \"recipient@yieldfabric.com\" }) { success paymentId } }"
  }'
05

JWT Token Structure

Standard User JWT

{
  "sub": "550e8400-e29b-41d4-a716-446655440000",
  "aud": ["vault", "payments"],
  "exp": 1697712000,
  "iat": 1697625600,
  "role": "Operator",
  "permissions": ["CryptoOperations", "ViewSignatureKeys"],
  "entity_scope": [],
  "session_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "auth_method": "jwt",
  "entity_type": "user",
  "email": "user@example.com",
  "account_address": "0x1234567890abcdef...",
  "group_account_address": null,
  "acting_as": null,
  "delegation_scope": null,
  "delegation_token_id": null
}

Key Fields:

  • sub - User ID (UUID)
  • aud - Allowed services
  • role - User role (SuperAdmin, Admin, Manager, Operator, Viewer, ApiClient)
  • permissions - Specific permission strings
  • account_address - User's intelligent account address

Delegation JWT

{
  "sub": "550e8400-e29b-41d4-a716-446655440000",
  "aud": ["yieldfabric"],
  "auth_method": "delegation",
  "group_account_address": "0xabcdef1234567890...",
  "acting_as": "group-id-550e8400-...",
  "delegation_scope": ["CryptoOperations", "ReadGroup"],
  "delegation_token_id": "c3d4e5f6-a7b8-9012-cdef-...",
  ...
}

Delegation-Specific Fields:

  • auth_method - Set to "delegation"
  • group_account_address - Group's account address
  • acting_as - Group ID user is acting on behalf of
  • delegation_scope - Allowed operations
  • delegation_token_id - For tracking and revocation
06

User Roles

SuperAdmin

Full system access

All permissions automatically granted

Admin

Administrative operations

User & group management

Manager

Manage entities and groups

Group operations & delegation

Operator

Service access + admin

Use services & manage groups

Viewer

Read-only access

View information only

ApiClient

API integration access

Service-specific operations

07

Common Permissions

PermissionDescription
CryptoOperationsPerform cryptographic operations
ViewSignatureKeysView signing keys
ManageSignatureKeysManage signing keys
CreateGroupCreate new groups
CreateDelegationTokenCreate delegation tokens
08

Auth Service Endpoints

POST/auth/login/with-servicesLogin with service selection
POST/auth/refreshRefresh access token
GET/auth/users/meGet user profile
POST/auth/delegation/jwtCreate delegation token
Previous
Overview
Next
Balances