This guide will walk you through all of the credentials you need to access Portal.

Portal API Authentication

There are two classes of authentication used with Portal.

Portal API key

The API key used by your server to make requests to Portal.

Getting a Portal API key

Reach out to us on Slack to get access to the web app!
Log in and create a Portal API Key at app.portalhq.io.

Client Session Token

Users are required to authenticate their devices to Portal in order to create wallets and submit transactions. Client Session Tokens (CST) are short-lived, auto-refreshing tokens used to authenticate users to Portal.
Short-Lived CSTs expire after 24 hours of no activity, after which a new CST will need to be requested from your backend.
Auto-Refreshing Every request authenticated with a CST updates the token to expire 24 hours from the time of that successful request. There is a max refresh duration of 7 days, after which a CST can no longer be updated.
The goal of this system is keep sessions short (reduce windows of attack) while reducing the number of requests required to create sessions.
In practice, this looks like:
  • Active User: If a user uses Portal once a day (their CST will continue to update the expiry by 24 hours) their device will only need to request a new CST from your backend once a week (after their CST hits the max refresh duration of 7 days).
  • Inactive User: If a user logs in once every few days or few weeks their device will need to request a new CST from your backend on every login (CSTs expire after 24 hours)

Server implementation

In order to authenticate mobile users with Portal, they will need a unique Client Session Token. This should initially be requested from your backend using the Portal API Key and then shared with mobile users after they log in to your mobile app.
Use your Portal API Key to fetch a Client Session Token for a user when they login to the mobile app.
const clientSessionToken = await axios
headers: {
Authorization: `Bearer ${<PORTAL_API_KEY>}`,
.then((res) => {
return res.data.clientSessionToken

npm Authentication

In order to use Portal's npm packages, you need to get an authToken for use in your .npmrc file.
Reach out to Portal on Slack to get an authToken

Using the authToken

Create an .npmrc file, if you do not already have one, at the root of your app. Using the npm authToken you received from us to configure permissions to install the module.
After collecting your credentials, you are ready to instantiate the Portal component in your app. Head back to Installation to install.