Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getpara.com/llms.txt

Use this file to discover all available pages before exploring further.

Once a user is signed in, you can request a Para JWT token. This token will provide attestations for the user’s ID, their identity, any wallets they have provisioned via your application, and any connected wallets in their current session.

Requesting a JWT Token

You can request a JWT token using either the client method or the React hook. Both approaches return the token itself as well as the JWKS key ID (kid) for the keypair that signed it.

Client Method

import { ParaWeb } from '@getpara/web-sdk';

const para = new ParaWeb('your-api-key');

const { token, keyId } = await para.issueJwt();

React Hook

The token’s expiry will be determined by your customized session length, or else will default to 30 minutes. Issuing a token, like most authenticated API operations, will also renew and extend the session for that duration.
The token’s aud field will be set to your API key’s unique ID, linking it specifically to your application.

Token Structure

Depending on the user in question, a decoded token payload might resemble the following: 
{
  "data": {
    "userId": "d5358219-38d3-4650-91a8-e338131d1c5e",
    "wallets": [
      {
        "id": "de4034f1-6b0f-4a98-87a5-e459db4d3a03",
        "type": "EVM",
        "address": "0x9dd3824f045c77bc369485e8f1dd6b452b6be617",
        "publicKey": "0x0465434f76c8321f386856c44e735fd365a09d42c1da03489184b651c2052ea1c7b19c54722ed828458c1d271cc590b0818d8c7df423f71e92683f9e819095a8c6"
      },
      {
        "id": "d70f64e4-266a-457e-9cea-eeb42341a975",
        "type": "SOLANA",
        "address": "EEp7DbBu5yvgf7Pr9W17cATPjCqUxY8K8R3dFbg53a3W",
        "publicKey": ""
      }
    ],
    "connectedWallets": [
      {
        "id": "de4034f1-6b0f-4a98-87a5-e459db4d3a03",
        "type": "EVM",
        "address": "0x9dd3824f045c77bc369485e8f1dd6b452b6be617",
        "publicKey": "0x0465434f76c8321f386856c44e735fd365a09d42c1da03489184b651c2052ea1c7b19c54722ed828458c1d271cc590b0818d8c7df423f71e92683f9e819095a8c6"
      },
      {
        "id": "d70f64e4-266a-457e-9cea-eeb42341a975",
        "type": "SOLANA",
        "address": "EEp7DbBu5yvgf7Pr9W17cATPjCqUxY8K8R3dFbg53a3W",
        "publicKey": ""
      }
    ],
    "email": "email@example.com",
    "authType": "email",
    "identifier": "email@example.com",
    "oAuthMethod": "google" // or: undefined | "x" | "discord" | "facebook" | "apple"
  },
  "iat": 1745877709,
  "exp": 1745879509,
  "aud": "a31b8f2e-7c6d-4e5a-9f8b-1d2c3a4b5e6f",
  "sub": "d5358219-38d3-4650-91a8-e338131d1c5e"
}

JWKS Verification

Para’s JSON Web Keys Set (JWKS) file(s) are available at the following URLs:
EnvironmentJWKS URL
BETAhttps://api.beta.getpara.com/.well-known/jwks.json
PRODhttps://api.getpara.com/.well-known/jwks.json

Best Practices

  • Session Verification: For security-critical operations, verify JWT tokens on both client and server sides
  • Token Expiry: Be aware that tokens expire based on your session configuration and plan accordingly
  • Secure Storage: Never store JWT tokens in insecure locations like localStorage for sensitive applications