Skip to main content

The model

Calm authenticates users by wallet. Your app already proves the user owns a wallet through whatever sign-in stack you’ve wired up. Calm treat that as a proof for a short-lived calm_session cookie bound to the wallet, plus a 30-day calm_refresh cookie that lets the SDK silently re-create the session without re-running the heavy verification. A publishable key (calm_public_(live|sandbox)_…) identifies your Calm tenant on every session-create call. Issue them from your Calm dashboard; live keys are tied to an HTTPS origin allowlist, sandbox keys are unrestricted when the allowlist is empty.

How it works

The shape of “wallet proof” depends on the auth modality. Calm ships three out of the box, and you can plug in your own:
  • <PrivyCalmProvider> — sends the user’s Privy identity token. Best when you’re already using Privy for sign-in.
  • <DynamicCalmProvider> — sends the JWT Dynamic mints on sign-in. Best when you’re already using Dynamic for sign-in.
  • <WagmiCalmProvider> — drops into any wagmi-based app; runs an EIP-4361 signature handshake on cold start, silent on refresh.
You can offer multiple modalities under the same publishable key — the customer record is shared across them. Both cookies share the cross-site embed model (your app → Calm API).