Authentication
Fiatsend uses wallet-based login (Privy) and issues a session (JWT) for API access.
Flow
- User connects wallet
- Privy verifies signature and returns session
- Backend establishes JWT session (httpOnly)
Headers
Authorization: Bearer <token>
Session best practices
- Short-lived tokens, refresh on activity
- Use httpOnly, Secure, SameSite cookies
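The session practices listed above, as an added Node.js example (not Fiatsend's or Privy's code): it mints a short-lived HS256 JWT, verifies it, builds the cookie with the three attributes, and re-issues the token on activity. The cookie name, the lifetimes, SameSite=Strict and all function names are assumptions chosen for illustration.

```javascript
// Added example: names, lifetimes and cookie settings are assumptions, not Fiatsend's code.
const { createHmac, timingSafeEqual } = require('node:crypto');

const TTL_SECONDS = 15 * 60;      // assumed short token lifetime
const REFRESH_WINDOW = 5 * 60;    // assumed: re-issue when 5 minutes or less remain
const b64u = (v) => Buffer.from(v).toString('base64url');
const sign = (data, secret) => createHmac('sha256', secret).update(data).digest('base64url');

// Mint an HS256 JWT bound to the wallet address confirmed by the login step.
function issueSessionToken(wallet, secret, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ sub: wallet, iat: now, exp: now + TTL_SECONDS }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret)}`;
}

// Returns the claims, or null for a malformed, tampered, wrong-alg or expired token.
function verifySessionToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const h = JSON.parse(Buffer.from(header, 'base64url').toString());
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (h.alg !== 'HS256') return null;               // pin the algorithm
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch { return null; }
}

// Set-Cookie value: unreadable from page script, HTTPS only, not sent cross-site.
function sessionCookie(token) {
  return `session=${token}; Max-Age=${TTL_SECONDS}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Refresh on activity: re-issue only for a valid token that is close to expiry.
function refreshOnActivity(token, secret, now = Math.floor(Date.now() / 1000)) {
  const claims = verifySessionToken(token, secret, now);
  if (!claims) return { ok: false, setCookie: null };
  if (claims.exp - now > REFRESH_WINDOW) return { ok: true, setCookie: null };
  return { ok: true, setCookie: sessionCookie(issueSessionToken(claims.sub, secret, now)) };
}
```

An expired token is rejected rather than refreshed, so an idle session ends after the token lifetime and the user signs in with the wallet again.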