/v1/referral/activate-tx and for notifications.
Auth does not replace Solana transaction signing. Phoenix instructions still need the correct wallet, authority, position authority, or fee payer signature depending on the instruction.
Lifecycle
- Request a challenge from Phoenix.
- Sign the challenge with the authority wallet.
- Exchange the signature for an auth response.
- Use
Authorization: Bearer <access_token>on authenticated routes. - Refresh with
POST /v1/auth/refreshbefore the access token expires. - Reauthenticate when refresh fails with a terminal auth error.
Endpoints
Routes that can benefit from or require auth:
- Referral-code onboarding: see Trader Onboarding.
- Notifications over REST or WebSocket.
- Any protected account, user, or builder workflow marked with bearer auth in the API reference.
- Authenticated integrations that need higher rate limits than anonymous public traffic.
Wallet login
This TypeScript example is written for a browser wallet that supportssignMessage.
Refresh
With a managed SDK session, refresh is normally automatic before authenticated HTTP and WebSocket requests. Manual refresh is still useful when you want to force rotation after loading a saved session.invalid_refresh_tokenrefresh_expiredsession_missing