App Setup
Before writing any SDK code, you need two things: an App ID and an authentication method. These are configured once when you register your app with Privacy Boost.Getting an App ID
The App ID is a unique identifier for your application (e.g.,app_abc123xyz). You pass it to the SDK at initialization, and the backend uses it to identify your app, apply rate limits, and enforce access controls.
To get one, contact the Privacy Boost team with your application name and use case.
Choosing an Authentication Method
When your app is created, you choose how users authenticate. This controls what credentials are required when the SDK logs in a user.Which method should I use?
| Your situation | Auth method | Backend required? | Guide |
|---|---|---|---|
| Development, testing, or prototyping | Direct | No | Built-in — just call authenticate() |
| Your backend manages users, no third-party auth | API Secret | Yes | Setup guide |
| You use Privy for login | Privy | No | Setup guide |
| You use Dynamic for login | Dynamic (Custom JWT) | No | Setup guide |
| You use Auth0, Firebase, Supabase, Clerk, or another OIDC provider | Custom JWT | No | Setup guide |
How Authentication Works Under the Hood
Everyauthenticate() call goes through two steps:
- App verification — The backend checks your app’s credentials (App ID only, API secret, or JWT depending on your method). This confirms the request comes from a legitimate app.
- Key verification — The SDK proves the user owns their privacy keys by signing a cryptographic challenge. This happens automatically inside
authenticate().
Next Steps
Configuration
Initialize the SDK with your App ID and endpoints
Authentication
The authenticate() flow, wallet popups, and session management