Skip to main content

Constructor

new CavosSDK(config: CavosConfig)

CavosConfig

interface CavosConfig {
  appId: string;                        // Required: App ID from https://cavos.xyz/dashboard
  network?: 'sepolia' | 'mainnet';      // Default: 'sepolia'
  paymasterApiKey?: string;             // Cavos Paymaster API key
  paymasterUrl?: string;                // Custom paymaster endpoint URL
  starknetRpcUrl?: string;              // Custom Starknet RPC URL
  backendUrl?: string;                  // Default: 'https://cavos.xyz'
  enableLogging?: boolean;              // Default: false
  session?: SessionConfig;              // Session duration and default policy
  oauthWallet?: Partial<OAuthWalletConfig>; // Advanced: custom class hash / registry
  slot?: SlotConfig;                   // Cartridge Slot (Katana) configuration
}

interface SlotConfig {
  rpcUrl: string;                   // Required: RPC URL of your Slot
  chainId?: string;                 // Hex of internal chain ID
  relayerAddress?: string;          // Optional: custom relayer
  relayerPrivateKey?: string;       // Optional: relayer private key
}

interface SessionConfig {
  sessionDuration?: number;         // Seconds (default: 86400 = 24h)
  renewalGracePeriod?: number;      // Seconds (default: 172800 = 48h)
  defaultPolicy?: SessionKeyPolicy;
}

interface SessionKeyPolicy {
  allowedContracts: string[];
  spendingLimits: Array<{ token: string; limit: bigint }>;
  maxCallsPerTx: number;
}

Initialization

init()

async init(): Promise<void>
Initialize the SDK and restore any existing session from storage. Called automatically by CavosProvider — only use directly when not using React. 
const sdk = new CavosSDK({ appId: 'your-app-id', network: 'sepolia' });
await sdk.init();

handlePopupCallback() (static)

static handlePopupCallback(): boolean
Detect and handle OAuth callback in the auth popup tab. Returns true if this window is a popup child (and will close itself). Called automatically by CavosProvider.

Authentication

login(provider)

async login(provider: 'google' | 'apple'): Promise<void>
Start OAuth authentication. Opens a new tab; resolves when the user completes OAuth and the popup closes. 
await sdk.login('google');
await sdk.login('apple');

async sendMagicLink(email: string): Promise<void>
Send a passwordless magic link email. Returns immediately after the email is sent. Authentication completes in the background when the user clicks the link — subscribe via onAuthChange() to be notified. 
await sdk.sendMagicLink('user@example.com');
// Listen for completion:
sdk.onAuthChange(() => {
  console.log('Auth complete:', sdk.getAddress());
});

handleCallback(authDataString)

async handleCallback(authDataString: string): Promise<void>
Process raw OAuth callback data. Used internally — you don’t normally call this directly.

logout()

async logout(): Promise<void>
Clear session and wallet state locally. The on-chain account is unaffected.

isAuthenticated()

isAuthenticated(): boolean

getUserInfo()

getUserInfo(): UserInfo | null
Returns { id, email, name, picture } from the JWT claims, or null if not authenticated.

Wallet

getAddress()

getAddress(): string | null

getBalance()

async getBalance(): Promise<string>
Returns the ETH balance of the wallet in wei as a string.

isAccountDeployed()

async isAccountDeployed(): Promise<boolean>

deployAccount()

async deployAccount(): Promise<string>
Manually deploy the account contract. Returns the transaction hash. Normally called automatically by the SDK after login.

getWalletStatus()

getWalletStatus(): WalletStatus

interface WalletStatus {
  isDeploying: boolean;
  isDeployed: boolean;
  isRegistering: boolean;
  isSessionActive: boolean;
  isReady: boolean;
  pendingDeployTxHash?: string;
}

onWalletStatusChange(listener)

onWalletStatusChange(listener: (status: WalletStatus) => void): () => void
Subscribe to wallet status updates. Returns an unsubscribe function. 
const unsubscribe = sdk.onWalletStatusChange((status) => {
  if (status.isReady) console.log('Wallet ready at:', sdk.getAddress());
});

onAuthChange(cb)

onAuthChange(cb: () => void): () => void
Subscribe to auth state changes, e.g. when a magic link verification completes in the background. Returns an unsubscribe function.

getSessionPublicKey()

getSessionPublicKey(): string | null
Returns the public key of the current session key. Safe to display — does not expose the private key.

getAssociatedWallets()

async getAssociatedWallets(): Promise<{ address: string; name?: string }[]>
Discover all wallets associated with the current user in this app.

switchWallet(name?)

async switchWallet(name?: string): Promise<void>
Switch the active wallet by name. Omit name to switch back to the default wallet.

getFundingAddress()

getFundingAddress(): string | null
Alias for getAddress(). Returns the address to send funds to.

Transactions

execute(calls, options?)

async execute(
  calls: Call | Call[],
  options?: { gasless?: boolean }
): Promise<string>
Execute one or more transactions. Returns the transaction hash.
  • gasless: true (default) — Cavos Paymaster sponsors gas
  • gasless: false — wallet pays gas from its own STRK balance (requires session already registered)
Session state behavior: | Not registered | JWT signature — registers + executes atomically | Throws | | Registered + active | Paymaster (SNIP-9) | Direct INVOKE, wallet pays | | Expired within grace | Auto-renews, then executes | Auto-renews, then executes | | Expired beyond grace | Throws SESSION_EXPIRED | Throws SESSION_EXPIRED |

executeOnSlot(calls)

async executeOnSlot(calls: Call | Call[]): Promise<string>
Execute transactions on a Cartridge Slot (Katana). Always fee-free, no paymaster needed. Handles account deployment and session registration on the Slot automatically on the first call. Throws:
  • JwtExpiredError — JWT has expired; user must re-login
  • Error('SESSION_EXPIRED') — session expired past grace period; user must re-login
  • Error('non-sponsored transaction without a registered session')gasless: false before first tx

signMessage(typedData)

async signMessage(typedData: TypedData): Promise<string[]>
Sign SNIP-12 typed data with the session key. Returns [SESSION_V1_magic, r, s, session_key] — ready for on-chain is_valid_signature.

Session

registerCurrentSession()

async registerCurrentSession(): Promise<string>
Explicitly register the current session key on-chain using the current JWT. Returns the transaction hash. Normally called automatically — only needed for advanced flows.
Call updateSessionPolicy() before this if the policy changed after login.

updateSessionPolicy(policy)

updateSessionPolicy(policy: SessionKeyPolicy): void
Update the session policy that will be embedded on-chain at registration time. Must be called before registerCurrentSession() if the policy changed after login.

renewSession()

async renewSession(): Promise<string>
Renew an expired session key. The session must be registered on-chain and expired within the grace period (default 48h after expiry). Returns the transaction hash. Throws:
  • Error('Session is still active (Xh Ym remaining)') — not expired yet
  • Error('Session expired outside the grace period') — must re-login
  • Error('Session not registered on-chain yet') — execute a transaction first

revokeSession(sessionKey)

async revokeSession(sessionKey: string): Promise<string>
Revoke a specific session key on-chain. Uses JWT verification. Pass getSessionPublicKey() to revoke the current session. 
const pubKey = sdk.getSessionPublicKey();
if (pubKey) await sdk.revokeSession(pubKey);

emergencyRevokeAllSessions()

async emergencyRevokeAllSessions(): Promise<string>
Revoke all active sessions by incrementing the on-chain revocation epoch. Returns the transaction hash.
After this, the user must re-login to transact again.

exportSession()

exportSession(): string
Export the active session as a base64-encoded token for use with the Cavos CLI or autonomous agents. The token includes the session private key and wallet address. 
const token = sdk.exportSession();
// cavos session import <token>
Throws if no active session exists.

Onramp

getOnramp(provider)

getOnramp(provider: 'RAMP_NETWORK'): string
Get a fiat onramp URL for the connected wallet. Only available on mainnet. Throws:
  • Error('Onramp feature is not available on Sepolia network.')
  • Error('No account connected.')

Advanced

getAccount()

getAccount(): Account | null
Returns null in OAuth mode. Use execute() instead of accessing the Account directly.