Skip to content

Account Service

The Account Service allows you to create and sign in to accounts.

Wallets vs Accounts

Wallets and accounts are related and often interchangeable -- each account has an associated wallet, and operations on a wallet are performed using an account's access token.

Every account has exactly one wallet.

Authentication Tokens

When you create or sign in to an account, the response is an authentication token string.

This string is an encoded form of your account profile, as well as an access key to perform calls using the account.

These are effectively API keys; they should be kept safe and never published.

Login

Attempts the first step of the login process for the specified account, creating it if it does not already exist.

Trinsic will response with a challenge, and send an authentication code to the account's email address.

The authentication code must be passed along with challenge to LoginConfirm to finalize the login.

trinsic account login --email "[email protected]" --ecosystem "<ecosystem id or name>"

const loginResponse = await trinsic.account().login(
    LoginRequest.fromPartial({
        ecosystemId: myEcosystemIdOrName(),
        email: "[email protected]",
    })
);

var loginResponse = await trinsic.Account.LoginAsync(new() {
    // ecosystem id or name
    EcosystemId = ecosystemId,
    Email = "[email protected]"
});

login_response = await trinsic.account.login(
    request=LoginRequest(
        email="[email protected]", ecosystem_id="<ecosystem id or name>"
    )
)

loginResponse, err := trinsic.Account().Login(context.Background(), &account.LoginRequest{
    Email:       "[email protected]",
    EcosystemId: myEcosystemIdOrName,
})

var loginResponse =
    trinsic
        .account()
        .login(
            LoginRequest.newBuilder()
                .setEmail("[email protected]")
                .setEcosystemId(myEcosystemIdOrName)
                .build())
        .get();

LoginRequest
Request to begin login flow
email
optional string
Email address of account. If unspecified, an anonymous account will be created.
invitation_code
optional string
DEPRECATED, will be removed April 1st 2023 Invitation code associated with this registration
ecosystem_id
optional string
ID of Ecosystem to sign into. Ignored if invitation_code is passed.

LoginResponse
Response to LoginRequest
challenge
bytes
Random byte sequence unique to this login request. If present, two-factor confirmation of login is required. Must be sent back, unaltered, in LoginConfirm.
profile
AccountProfile
Account profile response. If present, no confirmation of login is required.
Show child attributes

Anonymous Login

Anonymous accounts are accounts which are not tied to any email or phone number, and do not require any authentication. They are typically used for testing and prototypes.

To create an anonymous account with an SDK, use the TrinsicService.LoginAnonymous() method.

To create an anonymous account with the CLI, simply leave the email parameter unspecified.

Login Confirm

Finalizes the login process.

You must pass challenge as it was received in response to Login, along with the confirmation code that was sent in an email.

Our SDK will take care of hashing the confirmation code for you.

trinsic account login --email "[email protected]"

const authToken = await trinsic
    .account()
    .loginConfirm(loginResponse.challenge, "12345");

var authToken = await trinsic.Account.LoginConfirmAsync(loginResponse.Challenge, authCode);

auth_token = await trinsic.account.login_confirm(
    challenge=login_response.challenge, auth_code="12345"
)

authToken, err := trinsic.Account().LoginConfirm(context.Background(), loginResponse.GetChallenge(), "12345")

var authToken = trinsic.account().loginConfirm(myLoginResponse.getChallenge(), "12345").get();

LoginConfirmRequest
Request to finalize login flow
challenge
bytes
Challenge received from Login
confirmation_code_hashed
bytes
Two-factor confirmation code sent to account email or phone, hashed using Blake3. Our SDKs will handle this hashing process for you.

LoginConfirmResponse
Response to LoginConfirmRequest
profile
AccountProfile
Profile response; must be unprotected using unhashed confirmation code. Our SDKs will handle this process for you, and return to you an authentication token string.
Show child attributes

Get Account Info

Returns the account information (name, email address, phone number, etc.) used to create the currently-active account profile.

trinsic account info

const info = await accountService.info();

var info = await trinsic.Account.GetInfoAsync();

info = await service.get_info()

info2, err2 := trinsic.Account().GetInfo(context.Background())

var info = trinsic.account().getInfo().get();

AccountInfoRequest
Request for information about the account used to make the request
This message has no fields

AccountInfoResponse
Information about the account used to make the request
details
AccountDetails
The account details associated with the calling request context
Show child attributes
ecosystems
AccountEcosystem[]
Use ecosystem_id instead
Show child attributes
wallet_id
string
The wallet ID associated with this account
device_id
string
The device ID associated with this account session
ecosystem_id
string
The ecosystem ID within which this account resides
public_did
string
The public DID associated with this account. This DID is used as the issuer when signing verifiable credentials

Note

This call returns the information associated with the authentication token used to create the request; therefore, it is not possible to pass a different authentication token to this call. Otherwise, Trinsic's zero-knowledge proof authentication scheme would be violated.

When using the CLI, this will return information for the account most recently logged in to.

When using the SDK, this will return information for the authentication token stored in the AccountService instance's ServiceOptions.AuthToken field, which will be the account most recently logged in to, unless you have manually set this value yourself.