Build authentication with XMTP
The XMTP message API revolves around a network client that allows retrieving and sending messages to other network participants. A client must be connected to a wallet on startup. The client will request a wallet signature in two cases:
- To sign the newly generated key bundle. This happens only the very first time when key bundle is not found in storage.
- To sign a random salt used to encrypt the key bundle in storage. This happens every time the client is started (including the very first time).
Add the provider (React SDK only)
To use the hooks provided by the React SDK, you must wrap your app with an XMTPProvider. This gives the hooks access to the XMTP client instance.
info
There’s only one client instance per provider.
- React
import { XMTPProvider } from "@xmtp/react-sdk";
createRoot(document.getElementById("root") as HTMLElement).render(
<StrictMode>
<XMTPProvider>
<App />
</XMTPProvider>
</StrictMode>,
);
Create a client
A client is created that requires passing in a connected wallet that implements the Signer interface. Use client configuration options to change parameters of a client's network connection.
- JavaScript
- Swift
- Dart
- Kotlin
- React
- React Native
import { Client } from "@xmtp/xmtp-js";
// Create the client with a `Signer` from your application
const xmtp = await Client.create(wallet, { env: "dev" });
import XMTP
// Create the client with a `SigningKey` from your app
let client = try await Client.create(
account: account, options: .init(api: .init(env: .production)))
/*The client has two constructors: `createFromWallet` and `createFromKeys`.
The first time a user uses a new device, they should call `createFromWallet`. This will prompt them
to sign a message to do one of the following: Create a new identity (if they're new) or enable their existing identity (if they've used XMTP before)
When this succeeds, it configures the client with a bundle of `keys` that can be stored securely on
the device.*/
var api = xmtp.Api.create();
var client = await Client.createFromWallet(api, wallet);
await mySecureStorage.save(client.keys.writeToBuffer());
//The second time a user launches the app they should call `createFromKeys` using the stored `keys` from their previous session.
var stored = await mySecureStorage.load();
var keys = xmtp.PrivateKeyBundle.fromBuffer(stored);
var api = xmtp.Api.create();
var client = await Client.createFromKeys(api, keys);
// Create the client with a `SigningKey` from your app
val options =
ClientOptions(
api = ClientOptions.Api(env = XMTPEnvironment.PRODUCTION, isSecure = true)
)
val client = Client().create(account = account, options = options)
export const CreateClient: React.FC<{ signer: Signer }> = ({ signer }) => {
const { client, error, isLoading, initialize } = useClient();
const handleConnect = useCallback(async () => {
await initialize({ signer });
}, [initialize]);
if (error) {
return "An error occurred while initializing the client";
}
if (isLoading) {
return "Awaiting signatures...";
}
if (!client) {
return (
<button type="button" onClick={handleConnect}>
Connect to XMTP
</button>
);
}
return "Connected to XMTP";
};
import { Client } from "@xmtp/xmtp-react-native";
// Create the client with a `Signer` from your application
const xmtp = await Client.create(wallet);
Saving keys
You can export the unencrypted key bundle using the static method getKeys, save it somewhere secure, and then provide those keys at a later time to initialize a new client using the exported XMTP identity.
- JavaScript
- Swift
- Kotlin
- React
- React Native
// Get the keys using a valid Signer. Save them somewhere secure.
import { loadKeys, storeKeys } from "./helpers";
let keys = loadKeys(address);
if (!keys) {
keys = await Client.getKeys(signer, {
...clientOptions,
// we don't need to publish the contact here since it
// will happen when we create the client later
skipContactPublishing: true,
// we can skip persistence on the keystore for this short-lived
// instance
persistConversations: false,
});
storeKeys(address, keys);
}
const client = await Client.create(null, { privateKeyOverride: keys });
We are using the following helper funtions to store and retrieve the keys
// Create a client using keys returned from getKeys
const ENCODING = "binary";
export const buildLocalStorageKey = (walletAddress: string) =>
walletAddress ? `xmtp:${"dev"}:keys:${walletAddress}` : "";
export const loadKeys = (walletAddress: string): Uint8Array | null => {
const val = localStorage.getItem(buildLocalStorageKey(walletAddress));
return val ? Buffer.from(val, ENCODING) : null;
};
export const storeKeys = (walletAddress: string, keys: Uint8Array) => {
localStorage.setItem(
buildLocalStorageKey(walletAddress),
Buffer.from(keys).toString(ENCODING),
);
};
export const wipeKeys = (walletAddress: string) => {
// This will clear the conversation cache + the private keys
localStorage.removeItem(buildLocalStorageKey(walletAddress));
};
// Create the client with a `SigningKey` from your app
let client = try await Client.create(
account: account, options: .init(api: .init(env: .production)))
// Get the key bundle
let keys = client.privateKeyBundle
// Serialize the key bundle and store it somewhere safe
let keysData = try keys.serializedData()
Once you have those keys, you can create a new client with Client.from:
let keys = try PrivateKeyBundle(serializedData: keysData)
let client = try Client.from(bundle: keys, options: .init(api: .init(env: .production)))
// Create the client with a `SigningKey` from your app
val options =
ClientOptions(
api = ClientOptions.Api(env = XMTPEnvironment.PRODUCTION, isSecure = true)
)
val client = Client().create(account = account, options = options)
// Get the key bundle
val keys = client.privateKeyBundleV1
// Serialize the key bundle and store it somewhere safe
val serializedKeys = PrivateKeyBundleV1Builder.encodeData(v1)
Once you have those keys, you can create a new client with Client().buildFrom():
val keys = PrivateKeyBundleV1Builder.fromEncodedData(serializedKeys)
val client = Client().buildFrom(bundle = keys, options = options)
import { Client, useClient } from "@xmtp/react-sdk";
import type { Signer } from "@xmtp/react-sdk";
export const CreateClientWithKeys: React.FC<{ signer: Signer }> = ({ signer }) => {
const { initialize } = useClient();
// initialize client on mount
useEffect(() => {
const init = async () => {
// get the keys using a valid Signer
const keys = await Client.getKeys(signer);
// create a client using keys returned from getKeys
await initialize({ keys, signer });
};
void init();
}, []);
return (
...
);
};
import { Client } from "@xmtp/xmtp-react-native";
// Get the keys using a valid Signer. Save them somewhere secure.
const keys = await Client.exportKeyBundle();
// Create a client using keys returned from getKeys
const client = await Client.createFromKeyBundle(keys, "dev");
Configure the client
Configure a client's network connection and other options using these client creation parameters:
Set the env client option to dev while developing. Set it to production before you launch.
- JavaScript
- Swift
- Dart
- Kotlin
- React
- React Native
| Parameter | Default | Description |
|---|---|---|
| appVersion | undefined | Add a client app version identifier that's included with API requests. Production apps are strongly encouraged to set this value. For example, you can use the following format: appVersion: APP_NAME + '/' + APP_VERSION.Setting this value provides telemetry that shows which apps are using the XMTP client SDK. This information can help XMTP developers provide app support, especially around communicating important SDK updates, including deprecations and required upgrades. |
| env | dev | Connect to the specified XMTP network environment. Valid values include dev, production, or local. For important details about working with these environments, see XMTP production and dev network environments. |
| apiUrl | undefined | Manually specify an API URL to use. If specified, value of env will be ignored. |
| keystoreProviders | [StaticKeystoreProvider, NetworkKeystoreProvider, KeyGeneratorKeystoreProvider] | Override the default behavior of how the Client creates a Keystore with a custom provider. This can be used to get the user's private keys from a different storage mechanism. |
| persistConversations | true | Maintain a cache of previously seen V2 conversations in the storage provider (defaults to LocalStorage). |
| skipContactPublishing | false | Do not publish the user's contact bundle to the network on Client creation. Designed to be used in cases where the Client session is short-lived (for example, decrypting a push notification), and where it is known that a Client instance has been instantiated with this flag set to false at some point in the past. |
| codecs | [TextCodec] | Add codecs to support additional content types. |
| maxContentSize | 100M | Maximum message content size in bytes. |
| preCreateIdentityCallback | undefined | preCreateIdentityCallback is a function that will be called immediately before a Create Identity wallet signature is requested from the user. |
| preEnableIdentityCallback | undefined | preEnableIdentityCallback is a function that will be called immediately before an Enable Identity wallet signature is requested from the user. |
| Parameter | Default | Description |
|---|---|---|
| appVersion | undefined | Add a client app version identifier that's included with API requests. Production apps are strongly encouraged to set this value. For example, you can use the following format: appVersion: APP_NAME + '/' + APP_VERSION.Setting this value provides telemetry that shows which apps are using the XMTP client SDK. This information can help XMTP developers provide app support, especially around communicating important SDK updates, including deprecations and required upgrades. |
| env | dev | Connect to the specified XMTP network environment. Valid values include .dev, .production, or .local. For important details about working with these environments, see XMTP production and dev network environments. |
Configure env
// Configure the client to use the `production` network
let clientOptions = ClientOptions(api: .init(env: .production))
let client = try await Client.create(account: account, options: clientOptions)
You can configure the client environment when you call Api.create().
By default, it will connect to a local XMTP network.
For important details about connecting to environments, see XMTP production and dev network environments.
| Parameter | Default | Description |
|---|---|---|
| appVersion | undefined | Add a client app version identifier that's included with API requests. Production apps are strongly encouraged to set this value. For example, you can use the following format: appVersion: APP_NAME + '/' + APP_VERSION.Setting this value provides telemetry that shows which apps are using the XMTP client SDK. This information can help XMTP developers provide app support, especially around communicating important SDK updates, including deprecations and required upgrades. |
| env | DEV | Connect to the specified XMTP network environment. Valid values include DEV, .PRODUCTION, or LOCAL. For important details about working with these environments, see XMTP production and dev network environments. |
Configure env
// Configure the client to use the `production` network
val options =
ClientOptions(
api = ClientOptions.Api(env = XMTPEnvironment.PRODUCTION, isSecure = true)
)
val client = Client().create(account = account, options = options)
note
The apiUrl, keyStoreType, codecs, and maxContentSize parameters from the XMTP client SDK for JavaScript (xmtp-js) are not yet supported.
| Parameter | Default | Description |
|---|---|---|
| appVersion | undefined | Add a client app version identifier that's included with API requests. For example, you can use the following format: appVersion: APP_NAME + '/' + APP_VERSION. Setting this value provides telemetry that shows which apps are using the XMTP client SDK. This information can help XMTP developers provide app support, especially around communicating important SDK updates, including deprecations and required upgrades. |
| env | dev | Connect to the specified XMTP network environment. Valid values include dev, production, or local. For important details about working with these environments, see XMTP production and dev network environments. |
| apiUrl | undefined | Manually specify an API URL to use. If specified, value of env will be ignored. |
| keystoreProviders | [StaticKeystoreProvider, NetworkKeystoreProvider, KeyGeneratorKeystoreProvider] | Override the default behavior of how the client creates a Keystore with a custom provider. This can be used to get the user's private keys from a different storage mechanism. |
| persistConversations | true | Maintain a cache of previously seen V2 conversations in the storage provider (defaults to LocalStorage). |
| skipContactPublishing | false | Do not publish the user's contact bundle to the network on client creation. Designed to be used in cases where the client session is short-lived (for example, decrypting a push notification), and where it is known that a client instance has been instantiated with this flag set to false at some point in the past. |
| codecs | [TextCodec] | Add codecs to support additional content types. |
| maxContentSize | 100M | Maximum message content size in bytes. |
| preCreateIdentityCallback | undefined | preCreateIdentityCallback is a function that will be called immediately before a Create Identity wallet signature is requested from the user. |
| preEnableIdentityCallback | undefined | preEnableIdentityCallback is a function that will be called immediately before an Enable Identity wallet signature is requested from the user. |
| Parameter | Default | Description |
|---|---|---|
| appVersion | undefined | Add a client app version identifier that's included with API requests. Production apps are strongly encouraged to set this value. For example, you can use the following format: appVersion: APP_NAME + '/' + APP_VERSION.Setting this value provides telemetry that shows which apps are using the XMTP client SDK. This information can help XMTP developers provide app support, especially around communicating important SDK updates, including deprecations and required upgrades. |
| env | dev | Connect to the specified XMTP network environment. Valid values include dev, production, or local. For important details about working with these environments, see XMTP production and dev network environments. |
Environments
XMTP identity on dev network is completely distinct from its XMTP identity on the production network, as are the messages associated with these identities.
production: This network is used in production and is configured to store messages indefinitely.Try the web inbox at https://xmtp.chat/.
Send a message to our
gmbot to get started.gm.xmtp.eth
dev: XMTP may occasionally delete messages and keys from this networkTry the web dev inbox at https://dev.xmtp.chat/.
Send a message to our
gmbot to get started.0x8DC925338C1eE1fE62c0C43404371deb701BfB55
local: Use to have a client communicate with an XMTP node you are running locally. For example, an XMTP node developer can setenvtolocalto generate client traffic to test a node running locally.
