HTTP-Native Wallet Authentication for Solana
AutoIncentive leverages the OpenKitx403 protocol to provide secure, stateless wallet authentication for our platform. This HTTP-native authentication system enables seamless wallet-based access control without requiring custom protocols or account secrets.
OpenKitx403 is an open-source, HTTP-native wallet authentication protocol for Solana that uses standard HTTP 403 responses as the authentication primitive. It provides:
HTTP-Native - Uses standard HTTP 403 challenges
Stateless - No server-side sessions required
Secure - Ed25519 signature verification with replay protection
Easy Integration - Drop-in middleware for Express, Fastify, and FastAPI
AI-Friendly - LangChain integration and autonomous agent support
Token-Gating Ready - Built-in support for NFT/token requirements
How AutoIncentive Uses x403
AutoIncentive implements x403 authentication on our servers, enabling secure wallet-based access to our platform services. Both our server infrastructure and AI agents run on AutoIncentive servers, providing a unified authentication experience.
Authentication Flow
User/Agent Request → Protected Resource (403 Challenge) → Wallet Signature Request → Signed Challenge (Authorization Header) → Server Verification → Access Granted (200 OK)
┌─────────────────┐
│  AutoIncentive  │
│     Servers     │
├─────────────────┤
│                 │
│ x403 Middleware │ ← HTTP 403 Challenges
│                 │
│  Server & Bot   │ ← Runs on AutoIncentive
│                 │
│ Protected APIs  │ ← Wallet-authenticated
│                 │
└─────────────────┘
Benefits for Clients
No Account Management
Users don't need to create accounts, remember passwords, or manage account secrets. Authentication is handled entirely through their Solana wallet.
Benefits:
✅ No registration process
✅ No account recovery needed
✅ Wallet is your identity
Stateless Authentication
x403 is stateless in the sense that no server-side sessions are required (the only server-side state is the short-lived record of used challenge nonces described under Security Features). This means:
Scalability - No session storage needed
Performance - Faster authentication
Reliability - No session expiration issues
Simplicity - Easier to implement and maintain
Secure by Design
x403 uses cryptographic signatures (Ed25519) for authentication:
Replay Protection - Nonce-based challenge system
Method/Path Binding - Prevents cross-endpoint replay
Short-Lived Challenges - 60-second default TTL
Clock Skew Tolerance - Handles time differences
Origin Binding - Optional additional security layer
Seamless User Experience
Authentication happens automatically through wallet interactions:
User accesses protected resource
Server responds with 403 + challenge
Wallet prompts for signature
Access granted automatically
Token-Gating Support
x403 supports token-gating, allowing AutoIncentive to restrict access based on NFT or token holdings:
NFT Requirements - Access only for NFT holders
Token Requirements - Minimum token balance requirements
Custom Logic - Implement any gating logic
Dynamic Verification - Real-time token checking
Primary Use Case: autoincentive.online/aitholders
The AI Holders platform uses x403 authentication to provide exclusive access to AI agent holders.
How It Works (AI Holders)
User visits protected resource
Server challenges with x403
Server verifies wallet holds required AI agent NFT/token
Access granted if requirements met
Exclusive Access — Only AI agent holders can access
Automatic Verification — Token holdings checked on each request
Secure — Cryptographic proof of ownership
No Accounts — Pure wallet-based authentication
✅ Instant access for holders
✅ Secure token verification
✅ Seamless user experience
Agent Authentication
AI agents running on AutoIncentive servers use x403 for secure API access.
Agent needs to access protected API
Server challenges with x403
Agent wallet signs challenge
Server verifies signature
API Access — Agents authenticate to use platform APIs
Service Access — Agents access communication services
Data Access — Agents access protected data endpoints
Resource Access — Agents access platform resources
AutoIncentive uses x403 to protect various platform services:
Protected Resources:
Dashboard Access — Wallet-authenticated dashboard
API Endpoints — Secure API access
Agent Management — Agent configuration interfaces
Analytics — Protected analytics dashboards
Settings — Platform configuration access
Technical Implementation
Server-Side Integration
AutoIncentive implements x403 on our servers using the official SDKs.
Express/Fastify (TypeScript)
FastAPI (Python)
Client-Side Integration
Users interact with x403-protected resources through their wallets.
Authentication Process
Step 1: Initial Request
Step 2: Challenge Response
Step 3: Wallet Signature
User's wallet signs the challenge using Ed25519.
Step 4: Authenticated Request
Step 5: Success Response
Security Features
Replay Protection
x403 prevents replay attacks through:
Nonce Store - Tracks used challenges
TTL Expiration - Challenges expire after 60 seconds
Method/Path Binding - Challenges tied to specific endpoints
One-Time Use - Each challenge can only be used once
Signature Verification
Ed25519 Cryptography - Industry-standard signature algorithm
Wallet Verification - Signature verified against wallet address
Challenge Binding - Signature tied to specific challenge
Timestamp Validation - Clock skew tolerance built-in
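The five-step Authentication Process above and the Replay Protection and Signature Verification lists are easier to reason about with both sides in one place. The following is an added example, not OpenKitx403's SDK or AutoIncentive's code: a minimal model of a 403 challenge/response login using only Node's built-in crypto, where the "wallet" is an Ed25519 keypair generated on the spot. The challenge field names, the signed-message layout, the Authorization data shape and the error strings are assumptions for illustration, not the x403 wire format; the 60-second TTL comes from the page, the 5-second clock-skew tolerance is an assumed value.

```typescript
// Added example (not OpenKitx403's code): a minimal model of the 403-challenge login
// described on this page. Field names, the signed-message layout and the error strings
// are ASSUMPTIONS for illustration, not the x403 wire format. Only Node's built-in
// crypto is used; the "wallet" is an Ed25519 keypair generated on the spot.
import * as crypto from "node:crypto";
const CHALLENGE_TTL_MS = 60_000; // 60-second default TTL stated on the page
const CLOCK_SKEW_MS = 5_000;     // assumed tolerance for client/server clock drift
interface Challenge { nonce: string; method: string; path: string; exp: number }
interface AuthHeader { address: string; nonce: string; signature: string }
interface Verdict { status: number; reason?: string; wallet?: string }

// Solana addresses are base58-encoded 32-byte Ed25519 public keys (Bitcoin alphabet).
const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
function base58(bytes: Uint8Array): string {
  const digits: number[] = []; // little-endian base-58 digits
  for (let i = 0; i < bytes.length; i++) {
    let carry = bytes[i];
    for (let j = 0; j < digits.length; j++) { carry += digits[j] << 8; digits[j] = carry % 58; carry = (carry / 58) | 0; }
    while (carry > 0) { digits.push(carry % 58); carry = (carry / 58) | 0; }
  }
  let out = "";
  for (let i = 0; i < bytes.length && bytes[i] === 0; i++) out += "1"; // one '1' per leading zero byte
  for (let k = digits.length - 1; k >= 0; k--) out += B58[digits[k]];
  return out;
}
function base58Decode(s: string): Buffer {
  const bytes: number[] = []; // little-endian
  for (let i = 0; i < s.length; i++) {
    let carry = B58.indexOf(s[i]);
    if (carry < 0) throw new Error("invalid base58 character");
    for (let j = 0; j < bytes.length; j++) { carry += bytes[j] * 58; bytes[j] = carry & 0xff; carry >>= 8; }
    while (carry > 0) { bytes.push(carry & 0xff); carry >>= 8; }
  }
  for (let i = 0; i < s.length && s[i] === "1"; i++) bytes.push(0); // leading '1' = zero byte
  return Buffer.from(bytes.reverse());
}
// DER prefix that wraps a raw 32-byte Ed25519 key as SubjectPublicKeyInfo for Node's key import.
const ED25519_SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex");

// Method, path, nonce and expiry are all inside the signed bytes, so a signature for one
// endpoint or one nonce is useless against another (the page's method/path binding).
function challengeMessage(c: Challenge): Buffer {
  return Buffer.from(`x403-example\n${c.method}\n${c.path}\n${c.nonce}\n${c.exp}`, "utf8");
}

// ---- Wallet (client) side: Step 3, sign the challenge with Ed25519 ----
class DemoWallet {
  private readonly priv: crypto.KeyObject;
  readonly address: string;
  constructor() {
    const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519");
    this.priv = privateKey;
    const der = publicKey.export({ type: "spki", format: "der" });
    this.address = base58(der.subarray(der.length - 32)); // raw key is the last 32 DER bytes
  }
  sign(c: Challenge): string { return crypto.sign(null, challengeMessage(c), this.priv).toString("base64"); }
}

// ---- Server side ----
class X403Server {
  private readonly issued = new Map<string, Challenge>(); // outstanding challenges by nonce
  private readonly used = new Set<string>();              // nonce store: each challenge is one-time
  constructor(private readonly now: () => number = Date.now) {}
  // Steps 1-2: a request without credentials gets 403 plus a challenge bound to method and path.
  challenge(method: string, path: string): { status: number; challenge: Challenge } {
    const c: Challenge = { nonce: crypto.randomBytes(16).toString("hex"), method, path, exp: this.now() + CHALLENGE_TTL_MS };
    this.issued.set(c.nonce, c);
    return { status: 403, challenge: c };
  }
  // Steps 4-5: check every binding first, then the signature, then burn the nonce.
  verify(method: string, path: string, auth: AuthHeader): Verdict {
    const c = this.issued.get(auth.nonce);
    if (!c) return { status: 403, reason: "unknown nonce" };
    if (this.used.has(auth.nonce)) return { status: 403, reason: "replay: nonce already used" };
    if (c.method !== method || c.path !== path) return { status: 403, reason: "method/path mismatch" };
    if (this.now() > c.exp + CLOCK_SKEW_MS) return { status: 403, reason: "challenge expired" };
    let ok = false;
    try { // a malformed address throws inside createPublicKey; treat that like a bad signature
      const key = crypto.createPublicKey({ key: Buffer.concat([ED25519_SPKI_PREFIX, base58Decode(auth.address)]), format: "der", type: "spki" });
      ok = crypto.verify(null, challengeMessage(c), key, Buffer.from(auth.signature, "base64"));
    } catch { ok = false; }
    if (!ok) return { status: 403, reason: "bad signature or address" };
    this.used.add(auth.nonce); // entries older than exp + skew can be pruned; they are rejected above anyway
    return { status: 200, wallet: auth.address };
  }
}

// The flow from the page end to end: 403 challenge -> wallet signs -> 200, then the same
// Authorization data presented again, which the nonce store rejects.
function demoFlow() {
  const server = new X403Server();
  const wallet = new DemoWallet();
  const first = server.challenge("GET", "/aitholders");
  const auth: AuthHeader = { address: wallet.address, nonce: first.challenge.nonce, signature: wallet.sign(first.challenge) };
  const second = server.verify("GET", "/aitholders", auth);
  const replay = server.verify("GET", "/aitholders", auth);
  return { first: first.status, second: second.status, replay: replay.reason };
}
```

The order of checks in `verify` is deliberate: the cheap binding checks (nonce known, not yet used, method/path, expiry) run before the signature check, and the nonce is only recorded as used after a signature succeeds, so a wrong path or a tampered signature does not consume a challenge the legitimate wallet is about to present.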
AutoIncentive implements token-gating for exclusive access.
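The Token-Gating Support list (NFT requirements, minimum token balances, custom logic, real-time checking) and this section describe a policy check that runs after the wallet has proven ownership. The following is an added example, not AutoIncentive's or x403's code, of how such rules can be evaluated against a wallet's token holdings. The rule shapes, the placeholder mint and collection ids and the holdings snapshots are constructed for illustration; in production the holdings would be fetched per request from a Solana RPC node (for example with getTokenAccountsByOwner) so the check reflects current balances. The point the page leaves implicit is that on-chain amounts are raw integer units, so a "minimum 10 tokens" rule has to be compared against the raw amount scaled by the mint's decimals.

```typescript
// Added example (not AutoIncentive's or x403's code): evaluating token-gating rules
// against a wallet's holdings. Rule shapes, ids and the holdings snapshot are constructed
// for illustration; real deployments query the chain for the holdings on each request.

// One token account as the gate sees it: raw integer amount plus the mint's decimals.
interface TokenHolding { mint: string; amount: bigint; decimals: number; collection?: string }

type GateRule =
  | { kind: "min_balance"; mint: string; minUiAmount: string }              // hold at least N tokens
  | { kind: "nft_collection"; collection: string }                           // hold any NFT of a collection
  | { kind: "custom"; name: string; test: (h: TokenHolding[]) => boolean };  // any other gating logic

// Convert a human-readable amount ("10", "9.5") into raw units so the comparison is done
// on integers. On-chain SPL token amounts are u64 raw units, never decimal numbers.
function toRawAmount(uiAmount: string, decimals: number): bigint {
  const [whole, frac = ""] = uiAmount.split(".");
  if (frac.length > decimals) throw new Error(`"${uiAmount}" has more fractional digits than the mint allows`);
  return BigInt(whole + frac.padEnd(decimals, "0"));
}

function ruleSatisfied(rule: GateRule, holdings: TokenHolding[]): boolean {
  switch (rule.kind) {
    case "min_balance": {
      const h = holdings.find(x => x.mint === rule.mint);
      return h !== undefined && h.amount >= toRawAmount(rule.minUiAmount, h.decimals);
    }
    case "nft_collection":
      return holdings.some(x => x.collection === rule.collection && x.amount >= BigInt(1));
    case "custom":
      return rule.test(holdings);
    default:
      return false; // unreachable for the union above
  }
}

function describe(rule: GateRule): string {
  switch (rule.kind) {
    case "min_balance": return `at least ${rule.minUiAmount} of token ${rule.mint}`;
    case "nft_collection": return `an NFT from collection ${rule.collection}`;
    case "custom": return rule.name;
    default: return "unknown rule";
  }
}

// All rules must pass. The unmet rules are returned so the 403 body can tell the caller
// what is required, as the FAQ on this page describes.
function evaluateGate(rules: GateRule[], holdings: TokenHolding[]): { status: number; required: string[] } {
  const required = rules.filter(r => !ruleSatisfied(r, holdings)).map(describe);
  return { status: required.length === 0 ? 200 : 403, required };
}

// Constructed sample data; the ids are placeholders, not real Solana addresses.
const AGENT_TOKEN_MINT = "AgentTokenMintPlaceholder11111111111111111111";
const AGENT_NFT_MINT = "AgentNftMintPlaceholder1111111111111111111111";
const AGENT_NFT_COLLECTION = "AgentNftCollectionPlaceholder111111111111111";
const AI_HOLDERS_RULES: GateRule[] = [
  { kind: "nft_collection", collection: AGENT_NFT_COLLECTION },
  { kind: "min_balance", mint: AGENT_TOKEN_MINT, minUiAmount: "10" },
];

function gateDemo() {
  // Holder: one agent NFT plus 12 agent tokens on a 6-decimal mint (12_000_000 raw units).
  const holder: TokenHolding[] = [
    { mint: AGENT_NFT_MINT, amount: BigInt(1), decimals: 0, collection: AGENT_NFT_COLLECTION },
    { mint: AGENT_TOKEN_MINT, amount: BigInt(12_000_000), decimals: 6 },
  ];
  // Under balance: has the NFT but only 9.5 tokens (9_500_000 raw units), below the 10-token floor.
  const underBalance: TokenHolding[] = [
    { mint: AGENT_NFT_MINT, amount: BigInt(1), decimals: 0, collection: AGENT_NFT_COLLECTION },
    { mint: AGENT_TOKEN_MINT, amount: BigInt(9_500_000), decimals: 6 },
  ];
  const stranger: TokenHolding[] = []; // wallet with no relevant holdings
  return {
    holder: evaluateGate(AI_HOLDERS_RULES, holder),
    underBalance: evaluateGate(AI_HOLDERS_RULES, underBalance),
    stranger: evaluateGate(AI_HOLDERS_RULES, stranger),
  };
}
```

Because `evaluateGate` is pure over the holdings passed in, the same function serves both the per-request check the page describes and an offline test of a gating policy against snapshots of known wallets.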
AI Agent Integration
AutoIncentive's AI agents use x403 for secure authentication.
Agent Authentication Flow
Agent Initialization
Agent connects to AutoIncentive servers
Server challenges with x403
Agent wallet signs challenge
Persistent Authentication
Agent stores authentication token
Re-authenticates when needed
Agent makes authenticated requests
Server verifies x403 signature
Access granted based on agent permissions
LangChain Integration
Supported Wallets
AutoIncentive supports all major Solana wallets through x403:
Wallet | Browser | Mobile | Status
Any WalletConnect-compatible wallet |  |  | 
Server Infrastructure
AutoIncentive Servers
Dedicated Servers - Full control over authentication
High Availability - Redundant server infrastructure
Performance - Optimized for fast authentication
Security - Enterprise-grade security measures
Bot Infrastructure
Server-Side Execution - Bots run on our infrastructure
x403 Authentication - Bots authenticate using x403
Secure Communication - All bot-server communication secured
Scalable - Handles multiple concurrent bots
The AI Holders platform demonstrates x403 authentication in action.
Exclusive Access — Only wallets holding specific AI agent NFTs/tokens can access
Automatic verification on each request
No manual whitelisting needed
Seamless Authentication — Users connect wallet once; automatic authentication for subsequent requests; no account creation required
Real-Time Verification — Token holdings checked on each request; up-to-date access control
Secure Access — Cryptographic proof of ownership; transparent verification process
Advantages Over Traditional Authentication
Traditional Authentication Issues
❌ Requires account creation
❌ Password management complexity
❌ Session management overhead
❌ Account recovery processes
❌ Centralized user database
✅ Wallet-based (no accounts)
✅ Stateless (no sessions)
Getting Started
Connect Your Wallet
Visit protected resource (e.g., /aitholders)
Connect your Solana wallet when prompted
Sign the authentication challenge
Access Granted
If you hold required tokens/NFTs, access is granted
No account creation needed
Configure Middleware
Configure token gating (if needed)
Protect Routes
Add middleware to protected routes
Access authenticated user info
Configure Agent Wallet
Fund if needed for operations
Integrate x403 Client
Handle authentication flow
Store authentication tokens
Make Authenticated Requests
Include x403 authorization headers
Handle authentication errors
Re-authenticate when needed
Official x403 Resources
AutoIncentive Integration
Platform Features - Platform capabilities
Community Resources
Security & Best Practices
Security Recommendations
✅ Always verify signatures server-side
✅ Use short TTL for challenges (60s default)
✅ Implement replay protection
✅ Use token gating for exclusive access
✅ Monitor authentication attempts
✅ Handle clock skew properly
Implement proper error handling
Log authentication events
Test in development environment
Monitor authentication success rates
Keep server infrastructure secure
How does x403 differ from traditional authentication?
x403 uses wallet signatures instead of passwords, requires no account creation, and is completely stateless. It's built specifically for blockchain-based authentication.
Do I need to create an account?
No! x403 authentication is wallet-based. You only need a Solana wallet - no account creation required.
How does token gating work?
When you access a protected resource, the server checks if your wallet holds the required NFTs or tokens. If you do, access is granted automatically.
Is x403 secure?
Yes! x403 uses Ed25519 cryptographic signatures, replay protection, and short-lived challenges. It's designed with security as a primary concern.
Can AI agents use x403?
Absolutely! AutoIncentive's AI agents use x403 for authentication. The protocol includes LangChain integration for easy agent implementation.
What happens if I don't hold the required tokens?
You'll receive a 403 Forbidden response. The server will indicate what tokens/NFTs are required for access.
Does x403 work on mobile?
Yes, through WalletConnect. Mobile wallets that support WalletConnect can authenticate using x403.
Last updated 3 months ago