# User Authentication

All endpoints that require a Patch wallet signature, like to send transactions or sign a message, must go through user authentication. That includes the following endpoints:

* [Kernel Account API](/api/kernel-account-api.md)

There are 2 ways for Apps to authenticate users:

<table data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td><strong>Use native Patch auth:</strong></td><td><ul><li>Twitter</li><li>Email</li><li>Phone number</li><li>Github</li></ul></td></tr><tr><td><strong>Use your own auth:</strong></td><td><ul><li>Use Auth0, Clerk.com, or another service to authenticate users. Then push transactions through their wallets.</li><li>You get to choose your provider name like <code>uniswap</code>, <code>meta</code>, or <code>yourname</code>.</li></ul></td></tr></tbody></table>

### Use native Patch auth

{% hint style="info" %}
Due to the OAuth agreement and other restrictions, we only have Phone Number auth at this moment, other native auth are coming soon.
{% endhint %}

#### Phone Number

1. Trigger our auth server to send a verification token to a phone number

```bash
curl -L -X POST 'https://auth.paymagicapi.com/functions/v1/signInWithOTP' 
    --data '{"phone":"+1xxxxxxxxxx"}'
```

* Our server will send a SMS with 6 digit verification code to the phone number

## Trigger auth server to send verification token

<mark style="color:green;">`POST`</mark> `https://auth.paymagicapi.com/functions/v1/signInWithOTP`

#### Request Body

| Name                                    | Type   | Description                              |
| --------------------------------------- | ------ | ---------------------------------------- |
| phone<mark style="color:red;">\*</mark> | String | US/Canada phone number with +1 area code |

{% tabs %}
{% tab title="200: OK {"message":"SMS Sent","user":null,"session":null,"messageId":"SM1edeccc59fc589d7ca8994df19a9ff75"}" %}

{% endtab %}
{% endtabs %}

2. Verify the code to get JWT token for transation authentication

```bash
curl -L -X POST 'https://auth.paymagicapi.com/functions/v1/verifyOTP' 
    --data '{"phone":"+1xxxxxxxxxx","token":"xxxxxx"}'

```

## Verify the code

<mark style="color:green;">`POST`</mark> `https://auth.paymagicapi.com/functions/v1/verifyOTP`

#### Request Body

| Name                                    | Type   | Description                              |
| --------------------------------------- | ------ | ---------------------------------------- |
| phone<mark style="color:red;">\*</mark> | String | US/Canada phone number with +1 area code |
| token<mark style="color:red;">\*</mark> | String | 6 digit code from SMS                    |

### Use your own auth

1. On [Discord](https://discord.gg/EAFPKSRyth), request a `client_id` and `client_secret`
2. Tell us what type of auth provider you're using and we'll create a custom [Lit Action](https://developer.litprotocol.com/LitActions/intro) for signing.
3. Pass the specified data through the `auth` parameter on any Wallet API endpoints. During testing, you can leave the `auth` parameter blank.

```
curl --location 'https://paymagicapi.com/v1/kernel/tx' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{access_token}}' \
--data '{
    "userId": "twitter:elonmusk",
    "chain": "matic",
    "to": ["0x2791Bca1f2de4661ED88A30C99A7a9449Aa84174"],
    "value": ["0"],
    "data": ["0xa9059cbb000000000000000000000000a969E3D8b4A376a59B15C70f29Deb08fbFab07810000000000000000000000000000000000000000000000000000000000002710"],
    "auth": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwiZXhwIjoxNjc5NDYwODQ2LCJzdWIiOiI4YTFlODg2YS0xNmRjLTRlM2ItODg5MS04MWFiMjk3M2U5NjIiLCJlbWFpbCI6Imdlc2FnYTM0NzlAa2F1ZGF0LmNvbSIsInBob25lIjoiIiwiYXBwX21ldGFkYXRhIjp7InByb3ZpZGVyIjoiZW1haWwiLCJwcm92aWRlcnMiOlsiZW1haWwiXX0sInVzZXJfbWV0YWRhdGEiOnt9LCJyb2xlIjoiYXV0aGVudGljYXRlZCIsImFhbCI6ImFhbDEiLCJhbXIiOlt7Im1ldGhvZCI6Im90cCIsInRpbWVzdGFtcCI6MTY3OTQ1NzI0Nn1dLCJzZXNzaW9uX2lkIjoiMGRhMmQ4YmUtY2FiYS00MGRhLWE5ZTctOTliMjNlZmE4ZWExIn0.lfjj6YbJoCRSXRgW9vPg6Un0ck0NiBH6S97_gXUGKUE"
}'
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.patchwallet.com/api/user-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.

Use native Patch auth:	Twitter Email Phone number Github
Use your own auth:	Use Auth0, Clerk.com, or another service to authenticate users. Then push transactions through their wallets. You get to choose your provider name like `uniswap`, `meta`, or `yourname`.