# User Authentication All endpoints that require a Patch wallet signature, like to send transactions or sign a message, must go through user authentication. That includes the following endpoints: * [Kernel Account API](https://docs.patchwallet.com/api/kernel-account-api) There are 2 ways for Apps to authenticate users:


Use native Patch auth:	Twitter Email Phone number Github
Use your own auth:	Use Auth0, Clerk.com, or another service to authenticate users. Then push transactions through their wallets. You get to choose your provider name like `uniswap`, `meta`, or `yourname`.

### Use native Patch auth {% hint style="info" %} Due to the OAuth agreement and other restrictions, we only have Phone Number auth at this moment, other native auth are coming soon. {% endhint %} #### Phone Number 1. Trigger our auth server to send a verification token to a phone number ```bash curl -L -X POST 'https://auth.paymagicapi.com/functions/v1/signInWithOTP' --data '{"phone":"+1xxxxxxxxxx"}' ``` * Our server will send a SMS with 6 digit verification code to the phone number ## Trigger auth server to send verification token `POST` `https://auth.paymagicapi.com/functions/v1/signInWithOTP` #### Request Body | Name | Type | Description | | --------------------------------------- | ------ | ---------------------------------------- | | phone\* | String | US/Canada phone number with +1 area code | {% tabs %} {% tab title="200: OK {"message":"SMS Sent","user":null,"session":null,"messageId":"SM1edeccc59fc589d7ca8994df19a9ff75"}" %} {% endtab %} {% endtabs %} 2. Verify the code to get JWT token for transation authentication ```bash curl -L -X POST 'https://auth.paymagicapi.com/functions/v1/verifyOTP' --data '{"phone":"+1xxxxxxxxxx","token":"xxxxxx"}' ``` ## Verify the code `POST` `https://auth.paymagicapi.com/functions/v1/verifyOTP` #### Request Body | Name | Type | Description | | --------------------------------------- | ------ | ---------------------------------------- | | phone\* | String | US/Canada phone number with +1 area code | | token\* | String | 6 digit code from SMS | ### Use your own auth 1. On [Discord](https://discord.gg/EAFPKSRyth), request a `client_id` and `client_secret` 2. Tell us what type of auth provider you're using and we'll create a custom [Lit Action](https://developer.litprotocol.com/LitActions/intro) for signing. 3. Pass the specified data through the `auth` parameter on any Wallet API endpoints. During testing, you can leave the `auth` parameter blank. ``` curl --location 'https://paymagicapi.com/v1/kernel/tx' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{access_token}}' \ --data '{ "userId": "twitter:elonmusk", "chain": "matic", "to": ["0x2791Bca1f2de4661ED88A30C99A7a9449Aa84174"], "value": ["0"], "data": ["0xa9059cbb000000000000000000000000a969E3D8b4A376a59B15C70f29Deb08fbFab07810000000000000000000000000000000000000000000000000000000000002710"], "auth": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwiZXhwIjoxNjc5NDYwODQ2LCJzdWIiOiI4YTFlODg2YS0xNmRjLTRlM2ItODg5MS04MWFiMjk3M2U5NjIiLCJlbWFpbCI6Imdlc2FnYTM0NzlAa2F1ZGF0LmNvbSIsInBob25lIjoiIiwiYXBwX21ldGFkYXRhIjp7InByb3ZpZGVyIjoiZW1haWwiLCJwcm92aWRlcnMiOlsiZW1haWwiXX0sInVzZXJfbWV0YWRhdGEiOnt9LCJyb2xlIjoiYXV0aGVudGljYXRlZCIsImFhbCI6ImFhbDEiLCJhbXIiOlt7Im1ldGhvZCI6Im90cCIsInRpbWVzdGFtcCI6MTY3OTQ1NzI0Nn1dLCJzZXNzaW9uX2lkIjoiMGRhMmQ4YmUtY2FiYS00MGRhLWE5ZTctOTliMjNlZmE4ZWExIn0.lfjj6YbJoCRSXRgW9vPg6Un0ck0NiBH6S97_gXUGKUE" }' ```