Getting Started
Authentication
Two ways in: wallet sign-in for the dApp, and bearer keys for programmatic access.
Wallet (dApp)
The dApp authenticates by wallet using Sign-In With Robinhood Chain, connect a wallet (MetaMask, Rabby, Backpack, …), sign a one-time challenge, and you're in. No passwords, no transaction, no gas.
Sign-in flow
- The client requests a one-time nonce for the wallet address.
- The wallet signs the exact challenge message (Ed25519).
- The server verifies the signature against the public key and mints an HttpOnly session cookie. The nonce is single-use, replays are rejected.
Signatures are verified server-side with WebCrypto Ed25519. The message is stored when issued and checked byte-for-byte, so there is no template drift and no way to reuse a challenge.
API keys
Programmatic access uses a bearer key scoped to your account:
bash
Authorization: Bearer $GROVE_KEYKeys meter usage per job and settle over x402. Rotate or revoke them anytime from the dApp.