Auth Flow
SuperVaults uses Dynamic.xyz for wallet connection and JWT issuance.1
Connect Wallet
Open os.superform.xyz and click Connect Wallet. Dynamic.xyz presents a wallet selection modal supporting MetaMask, Rabby, WalletConnect, and others.
2
Sign Auth Message
Your wallet signs a non-transactional message. Dynamic.xyz verifies the signature and issues a JWT tied to your wallet address.
3
JWT Stored in Browser
SuperformOS stores auth state in
localStorage:curator_jwt— the Bearer token used on all API requestscurator_address— connected wallet addresscurator_is_manager— boolean flagcurator_vaults— array of vault addresses you operate
4
Auth Verified
The app calls
GET /api/v1/auth/me on load to fetch your vault roles and confirm the JWT is valid.Primary Auth Endpoint
GET /api/v1/auth/me is the primary authentication path. It returns the current user with all assigned vault roles. Use this endpoint when building integrations.JWT Verification Endpoint
Token Lifecycle
- JWTs expire after a session period defined by Dynamic.xyz
- Any
401 Unauthorizedfrom Erebor triggers automatic logout viaauthService.handleAutoLogout() - Reconnecting your wallet re-issues a fresh JWT
Public Endpoints (No Auth)
Programmatic Authentication
For automation scripts, generate a JWT without the browser:- Sign an EIP-712 auth message with your wallet’s private key
- Submit the signature to Dynamic.xyz to receive a JWT
- Pass the JWT as
Authorization: Bearer <jwt>on all requests
