The model
Calm authenticates users by wallet. Your app already proves the user owns a wallet through whatever sign-in stack you’ve wired up. Calm treat that as a proof for a short-livedcalm_session cookie
bound to the wallet, plus a 30-day calm_refresh cookie that lets the
SDK silently re-create the session without re-running the heavy
verification.
A publishable key (calm_public_(live|sandbox)_…) identifies your
Calm tenant on every session-create call. Issue them from your Calm dashboard;
live keys are tied to an HTTPS origin allowlist, sandbox keys are
unrestricted when the allowlist is empty.
How it works
The shape of “wallet proof” depends on the auth modality. Calm ships three out of the box, and you can plug in your own:<PrivyCalmProvider>— sends the user’s Privy identity token. Best when you’re already using Privy for sign-in.<DynamicCalmProvider>— sends the JWT Dynamic mints on sign-in. Best when you’re already using Dynamic for sign-in.<WagmiCalmProvider>— drops into any wagmi-based app; runs an EIP-4361 signature handshake on cold start, silent on refresh.