Cavos - OAuth for Blockchain

Constructor

new CavosSDK(config: CavosConfig)

CavosConfig

interface CavosConfig {
  appId: string;                        // Required: App ID from https://cavos.xyz/dashboard
  network?: 'sepolia' | 'mainnet';      // Default: 'sepolia'
  paymasterApiKey?: string;             // Cavos Paymaster API key
  paymasterUrl?: string;                // Custom paymaster endpoint URL
  starknetRpcUrl?: string;              // Custom Starknet RPC URL
  backendUrl?: string;                  // Default: 'https://cavos.xyz'
  enableLogging?: boolean;              // Default: false
  session?: SessionConfig;              // Session duration and default policy
  oauthWallet?: Partial<OAuthWalletConfig>; // Advanced: custom class hash / registry
  slot?: SlotConfig;                   // Cartridge Slot (Katana) configuration
}

interface SlotConfig {
  rpcUrl: string;                   // Required: RPC URL of your Slot
  chainId?: string;                 // Hex of internal chain ID
  relayerAddress?: string;          // Optional: custom relayer
  relayerPrivateKey?: string;       // Optional: relayer private key
}

interface SessionConfig {
  sessionDuration?: number;         // Seconds (default: 86400 = 24h)
  renewalGracePeriod?: number;      // Seconds (default: 172800 = 48h)
  defaultPolicy?: SessionKeyPolicy;
}

interface SessionKeyPolicy {
  allowedContracts: string[];
  spendingLimits: Array<{ token: string; limit: bigint }>;
  maxCallsPerTx: number;
}

Initialization

`init()`

async init(): Promise<void>

Initialize the SDK and restore any existing session from storage. Called automatically by CavosProvider — only use directly when not using React.

const sdk = new CavosSDK({ appId: 'your-app-id', network: 'sepolia' });
await sdk.init();

`handlePopupCallback()` (static)

static handlePopupCallback(): boolean

Detect and handle OAuth callback in the auth popup tab. Returns true if this window is a popup child (and will close itself). Called automatically by CavosProvider.

Authentication

async login(provider: 'google' | 'apple'): Promise<void>

Start OAuth authentication. Opens a new tab; resolves when the user completes OAuth and the popup closes.

await sdk.login('google');
await sdk.login('apple');

`sendMagicLink(email)`

async sendMagicLink(email: string): Promise<void>

Send a passwordless magic link email. Returns immediately after the email is sent. Authentication completes in the background when the user clicks the link — subscribe via onAuthChange() to be notified.

await sdk.sendMagicLink('user@example.com');
// Listen for completion:
sdk.onAuthChange(() => {
  console.log('Auth complete:', sdk.getAddress());
});

`handleCallback(authDataString)`

async handleCallback(authDataString: string): Promise<void>

Process raw OAuth callback data. Used internally — you don’t normally call this directly.

`logout()`

async logout(): Promise<void>

Clear session and wallet state locally. The on-chain account is unaffected.

`isAuthenticated()`

isAuthenticated(): boolean

`getUserInfo()`

getUserInfo(): UserInfo | null

Returns { id, email, name, picture } from the JWT claims, or null if not authenticated.

Wallet

`getAddress()`

getAddress(): string | null

`getBalance()`

async getBalance(): Promise<string>

Returns the ETH balance of the wallet in wei as a string.

`isAccountDeployed()`

async isAccountDeployed(): Promise<boolean>

`deployAccount()`

async deployAccount(): Promise<string>

Manually deploy the account contract. Returns the transaction hash. Normally called automatically by the SDK after login.

`getWalletStatus()`

getWalletStatus(): WalletStatus

interface WalletStatus {
  isDeploying: boolean;
  isDeployed: boolean;
  isRegistering: boolean;
  isSessionActive: boolean;
  isReady: boolean;
  pendingDeployTxHash?: string;
}

`onWalletStatusChange(listener)`

onWalletStatusChange(listener: (status: WalletStatus) => void): () => void

Subscribe to wallet status updates. Returns an unsubscribe function.

const unsubscribe = sdk.onWalletStatusChange((status) => {
  if (status.isReady) console.log('Wallet ready at:', sdk.getAddress());
});

`onAuthChange(cb)`

onAuthChange(cb: () => void): () => void

Subscribe to auth state changes, e.g. when a magic link verification completes in the background. Returns an unsubscribe function.

`getSessionPublicKey()`

getSessionPublicKey(): string | null

Returns the public key of the current session key. Safe to display — does not expose the private key.

`getAssociatedWallets()`

async getAssociatedWallets(): Promise<{ address: string; name?: string }[]>

Discover all wallets associated with the current user in this app.

`switchWallet(name?)`

async switchWallet(name?: string): Promise<void>

Switch the active wallet by name. Omit name to switch back to the default wallet.

`getFundingAddress()`

getFundingAddress(): string | null

Alias for getAddress(). Returns the address to send funds to.

Transactions

`execute(calls, options?)`

async execute(
  calls: Call | Call[],
  options?: { gasless?: boolean }
): Promise<string>

Execute one or more transactions. Returns the transaction hash.

gasless: true (default) — Cavos Paymaster sponsors gas
gasless: false — wallet pays gas from its own STRK balance (requires session already registered)

`executeOnSlot(calls)`

async executeOnSlot(calls: Call | Call[]): Promise<string>

Execute transactions on a Cartridge Slot (Katana). Always fee-free, no paymaster needed. Handles account deployment and session registration on the Slot automatically on the first call. Throws:

JwtExpiredError — JWT has expired; user must re-login
Error('SESSION_EXPIRED') — session expired past grace period; user must re-login
Error('non-sponsored transaction without a registered session') — gasless: false before first tx

`signMessage(typedData)`

async signMessage(typedData: TypedData): Promise<string[]>

Sign SNIP-12 typed data with the session key. Returns [SESSION_V1_magic, r, s, session_key] — ready for on-chain is_valid_signature.

Session

`registerCurrentSession()`

async registerCurrentSession(): Promise<string>

Explicitly register the current session key on-chain using the current JWT. Returns the transaction hash. Normally called automatically — only needed for advanced flows.

Call updateSessionPolicy() before this if the policy changed after login.

`updateSessionPolicy(policy)`

updateSessionPolicy(policy: SessionKeyPolicy): void

Update the session policy that will be embedded on-chain at registration time. Must be called before registerCurrentSession() if the policy changed after login.

`renewSession()`

async renewSession(): Promise<string>

Renew an expired session key. The session must be registered on-chain and expired within the grace period (default 48h after expiry). Returns the transaction hash. Throws:

Error('Session is still active (Xh Ym remaining)') — not expired yet
Error('Session expired outside the grace period') — must re-login
Error('Session not registered on-chain yet') — execute a transaction first

`revokeSession(sessionKey)`

async revokeSession(sessionKey: string): Promise<string>

Revoke a specific session key on-chain. Uses JWT verification. Pass getSessionPublicKey() to revoke the current session.

const pubKey = sdk.getSessionPublicKey();
if (pubKey) await sdk.revokeSession(pubKey);

`emergencyRevokeAllSessions()`

async emergencyRevokeAllSessions(): Promise<string>

Revoke all active sessions by incrementing the on-chain revocation epoch. Returns the transaction hash.

After this, the user must re-login to transact again.

`exportSession()`

exportSession(): string

Export the active session as a base64-encoded token for use with the Cavos CLI or autonomous agents. The token includes the session private key and wallet address.

const token = sdk.exportSession();
// cavos session import <token>

Throws if no active session exists.

Onramp

`getOnramp(provider)`

getOnramp(provider: 'RAMP_NETWORK'): string

Get a fiat onramp URL for the connected wallet. Only available on mainnet. Throws:

Error('Onramp feature is not available on Sepolia network.')
Error('No account connected.')

Advanced

`getAccount()`

getAccount(): Account | null

Returns null in OAuth mode. Use execute() instead of accessing the Account directly.

Management API

SDK Classes

Types

Documentation Index

​Constructor

​CavosConfig

​Initialization

​init()

​handlePopupCallback() (static)

​Authentication

​login(provider)

​sendMagicLink(email)

​handleCallback(authDataString)

​logout()

​isAuthenticated()

​getUserInfo()

​Wallet

​getAddress()

​getBalance()

​isAccountDeployed()

​deployAccount()

​getWalletStatus()

​onWalletStatusChange(listener)

​onAuthChange(cb)

​getSessionPublicKey()

​getAssociatedWallets()

​switchWallet(name?)

​getFundingAddress()

​Transactions

​execute(calls, options?)

​executeOnSlot(calls)

​signMessage(typedData)

​Session

​registerCurrentSession()

​updateSessionPolicy(policy)

​renewSession()

​revokeSession(sessionKey)

​emergencyRevokeAllSessions()

​exportSession()

​Onramp

​getOnramp(provider)

​Advanced

​getAccount()