@insumermodel/wdk-protocol-wallet-auth @ 0.1.0

Wallet Auth for Tether's WDK

A protocol module for tetherto/wdk that adds pre-transaction, condition-based access. Cryptographically signed attestations and trust profiles, verifiable offline. OAuth proves who you are — wallet auth proves what you hold.

The fifth protocol

WDK ships four protocol categories out of the box. We add a fifth — Wallet Auth — as a first-class module alongside them.

Swap: Velora
Bridge: USDT0 / LayerZero
Lending: Aave
Fiat: MoonPay
Wallet Auth: InsumerAPI

Each WDK protocol module exposes a typed interface that wallet apps compose into their flow. SwapProtocol has quoteSwap() and swap(). LendingProtocol has supply(), borrow(), repay(). WalletAuthProtocol has two verbs for the two jobs it does: attest an address against a set of on-chain conditions, and produce a signed multi-dimensional trust profile. Both are pre-transaction checks. Neither touches private keys.

Install

```bash
npm install @insumermodel/wdk-protocol-wallet-auth
```

Attest: signed pass/fail in one call

Evaluate 1–10 on-chain conditions against any address. Returns an ECDSA P-256 signed boolean, with optional ES256 JWT output and EIP-1186 Merkle proofs.

```javascript
// attest()
import WalletAuth from '@insumermodel/wdk-protocol-wallet-auth'

const walletAuth = new WalletAuth({ apiKey: process.env.INSUMER_API_KEY })

const { passed, attestation, sig, kid, jwt } = await walletAuth.attest({
  address: '0xCounterparty...',
  conditions: [
    {
      type: 'token_balance',
      contractAddress: '0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48',
      chainId: 1,
      threshold: 1000,
      decimals: 6,
      label: 'USDC >= 1000'
    }
  ],
  jwt: true
})

if (!passed) throw new Error('counterparty failed wallet auth check')
// sig + kid are the audit trail, verifiable offline against the JWKS.
```

Trust: multi-dimensional profile

36+ signed checks across stablecoins, governance, NFTs, and staking. Add Solana, XRPL, or Bitcoin addresses for additional dimensions. Each check is individually signed.

```javascript
// trust()
const { trust, sig, kid, creditsCharged } = await walletAuth.trust({
  address: '0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045',
  solanaAddress: 'Sol...',   // optional
  xrplAddress: 'r...',       // optional
  bitcoinAddress: 'bc1q...'  // optional
})

// trust.id — TRST-XXXXX profile id
// trust.dimensions — per-dimension checks
// trust.summary — totalChecks, totalPassed, dimensionsWithActivity
```

Who it's for

Three distinct buyers for a pre-transaction check inside a self-custodial wallet. WDK touches all three.

Agent wallets

WDK explicitly targets "humans, machines, and AI agents." When an autonomous agent holds keys, the operator wants programmable constraints the agent can't argue its way around — plus a cryptographic audit trail the operator can verify after the fact.

Consumer apps on WDK rails

Creator-payment tools, remittance apps, treasury products — anything that needs a policy layer between "user clicks send" and "transaction broadcasts." Travel Rule, sanctions, counterparty risk. Drop-in, portable attestation format.

Receive-side trust display

Before accepting an incoming payment, show a trust profile on the sending wallet. A creator wants to know a payment isn't from a mixer. A merchant wants to know the USDT isn't about to be frozen.

API surface

| Method | Maps to | Signed | Credits |
| --- | --- | --- | --- |
| attest({ address, conditions, jwt?, merkleProof? }) | POST /v1/attest | ECDSA P-256 + optional ES256 JWT | 1 (2 with merkleProof) |
| trust({ address, solanaAddress?, xrplAddress?, bitcoinAddress? }) | POST /v1/trust | ECDSA P-256 | 3 (6 with merkleProof) |

Verification

Every result carries a signature (sig) and key ID (kid) that let any party verify the result offline, without calling the API, against the public JWKS:

https://insumermodel.com/.well-known/jwks.json

Use any standard JOSE or JWT library, or npm install insumer-verify for a convenience wrapper. If you request jwt: true on attest(), the output is also a standard ES256 JWT — Kong, Nginx, Cloudflare Access, and AWS API Gateway can verify it the same way they verify any other JWT.
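
What offline verification of the ES256 JWT involves, as an added example that is not code from this package or from insumer-verify: it uses only Node's built-in crypto, pins the algorithm, selects the key by kid, and rejects tampered, wrongly keyed and expired tokens. The demo issuer, its key, the kid value and the claim names (passed, exp) are constructed assumptions standing in for the real JWKS and token.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');

// Verify a compact ES256 JWT against a JWKS object; returns the payload or throws.
function verifyEs256Jwt(token, jwks, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64u(h).toString('utf8'));
  // Pin the algorithm: the token must not choose it (blocks alg=none / HS256 confusion).
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  // Select the key by kid, and only accept P-256 EC keys from the set.
  const jwk = header.kid && jwks.keys.find(
    (k) => k.kid === header.kid && k.kty === 'EC' && k.crv === 'P-256');
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey(
    { key: { kty: 'EC', crv: 'P-256', x: jwk.x, y: jwk.y }, format: 'jwk' });
  const sig = fromB64u(s);
  // JWS ES256 signatures are raw r||s (64 bytes), not DER, hence ieee-p1363.
  const ok = sig.length === 64 &&
    crypto.verify('sha256', Buffer.from(`${h}.${p}`), { key, dsaEncoding: 'ieee-p1363' }, sig);
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(fromB64u(p).toString('utf8'));
  // Only after the signature checks out: reject stale results (exp claim is an assumption).
  if (typeof payload.exp === 'number' && payload.exp <= nowSec) throw new Error('expired');
  return payload;
}

// Non-throwing wrapper so the caller (or an audit log) gets the rejection reason.
function tryVerify(token, jwks, nowSec) {
  try { return { ok: true, payload: verifyEs256Jwt(token, jwks, nowSec) }; }
  catch (err) { return { ok: false, reason: err.message }; }
}

// Constructed stand-in for the issuer: throwaway P-256 key, its JWKS, and a signer.
function makeDemoIssuer(kid = 'demo-key-1') {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid, alg: 'ES256', use: 'sig' }] };
  const sign = (header, payload) => {
    const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
    const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
    return `${input}.${b64u(sig)}`;
  };
  return { jwks, kid, sign };
}

const issuer = makeDemoIssuer();
const demoJwt = issuer.sign({ alg: 'ES256', typ: 'JWT', kid: issuer.kid },
  { passed: true, exp: Math.floor(Date.now() / 1000) + 300 }); // constructed claims
console.log(tryVerify(demoJwt, issuer.jwks));
```

In a deployment, the jwks argument is the JSON document served at the URL above, fetched once and cached. A gate that reads passed from the response without this check is trusting only the transport.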

Supported chains

InsumerAPI covers 33 chains: 30 EVM networks (Ethereum, Polygon, Arbitrum, Optimism, Base, Avalanche, BNB, and the full major-EVM set), plus Solana, XRPL, and Bitcoin. The module works today on every WDK surface that overlaps: wdk-wallet-evm, wdk-wallet-solana, and wdk-wallet-btc. It also covers XRPL natively, even though WDK does not yet ship an XRPL wallet module.

Not yet covered: TRON, TON, and Lightning/Spark. Apps on those WDK runtimes can still call attest() or trust() against any EVM, Solana, Bitcoin, or XRPL address the user holds — they just can’t condition on (for example) a TRC-20 balance yet. Those three chains are on the roadmap; the request shape will be identical when they land. Multi-chain addresses (solanaAddress, xrplAddress, bitcoinAddress) are routed automatically based on each condition’s chainId.

Buying credits

Free tier ships 10 attestation credits on every new key — enough to run the module end-to-end before spending anything. When a wallet app needs more, credits are purchased on-chain via POST /v1/credits/buy: no Stripe, no signup, no fiat. Supported rails: USDC or USDT on any major EVM chain (auto-detected from the transaction), USDC on Solana, or BTC on Bitcoin. Credits post as soon as the transaction confirms on-chain.

Runtimes

Node.js ≥ 18 (uses built-in fetch), Bare Kit and React Native (pass a fetch override in the constructor), and browsers (CORS is enabled on api.insumermodel.com). The module is ESM-only and ships with no runtime dependencies.

Ready to ship?

npm install @insumermodel/wdk-protocol-wallet-auth — then get a free API key with 10 credits.
