Skip to main content
To enable user authentication in your application, you’ll need to configure at least one login method in the MoonKey Dashboard. Choose from multiple authentication options to provide your users with flexible and secure access to their accounts.
We recommend enabling multiple authentication methods to ensure users can access their accounts even if they lose access to one method. Consider combining email with social providers or wallet login for better coverage.

Basic login methods

Email login

Email authentication provides a passwordless login experience using one-time passwords (OTPs) sent directly to users’ email addresses. How it works:
  1. User enters their email address
  2. MoonKey sends a 6-digit OTP to their email
  3. User enters the OTP to complete authentication
  4. OTP expires after 10 minutes
To enable email login:
  1. Navigate to SDK Settings in your dashboard
  2. Enable the Email authentication option
  3. Optionally customize the email template in Email Templates
Email addresses are automatically verified through the OTP process. Users who authenticate via email will have their email marked as verified in their account.

Wallet login

Wallet-based authentication allows users to sign in using their existing Web3 wallets through cryptographic signature verification. Supported wallet authentication:
  • Sign In With Ethereum (SIWE) — Authenticate users with any Ethereum or EVM-compatible wallet
  • Sign In With Solana (SIWS) — Authenticate users with Solana wallets
How it works:
  1. User connects their Web3 wallet (MetaMask, Phantom, etc.)
  2. MoonKey generates a signature request
  3. User signs the message in their wallet
  4. MoonKey verifies the signature and authenticates the user
To enable wallet login:
  1. Navigate to SDK Settings in your dashboard
  2. Enable Wallet authentication
  3. Select which blockchain networks to support (Ethereum, Solana, or both)
Wallet authentication is ideal for crypto-native applications where users already have Web3 wallets. It provides a familiar experience for blockchain users.

Social providers (OAuth)

MoonKey supports OAuth-based authentication through popular social providers, allowing users to sign in with their existing social accounts.

Supported OAuth providers

  • Google — Let users sign in with their Google account
  • Apple — Let users sign in with their Apple ID
Additional OAuth providers (Microsoft, Discord, GitHub, and more) are coming soon. Contact us if you need support for a specific provider.

Configuring your OAuth credentials

To use OAuth authentication, you must configure your own OAuth credentials for each provider. MoonKey does not provide default credentials. Benefits of using OAuth:
  • Your branding appears on the authentication screen
  • Users can leverage existing accounts they trust
  • Streamlined onboarding without password creation
  • Automatic email verification through the provider

Configuring custom OAuth credentials

1

Create OAuth apps with each provider

For each social provider you want to support, create an OAuth application through their developer portal:During setup, you’ll need to specify MoonKey’s OAuth callback URL as your redirect URI:
https://auth.moonkey.fun/api/v1/oauth/callback
2

Enter credentials in MoonKey Dashboard

After creating your OAuth apps, navigate to the OAuth section in your MoonKey Dashboard:
  1. Select the provider you want to configure
  2. Enter your OAuth credentials (Client ID and Client Secret)
  3. Save the configuration
OAuth credentials go live immediately upon saving. Always test in a development app with development credentials before configuring your production app.
3

Enable the provider

Once your credentials are configured:
  1. Navigate to SDK Settings
  2. Enable the OAuth providers you want users to access
  3. The authentication options will appear in your application’s login flow

Provider-specific setup guides

Creating a Google OAuth application:
  1. Go to Google Cloud Console
  2. Create a new project or select an existing one
  3. Enable the Google+ API
  4. Navigate to Credentials and create OAuth 2.0 credentials
  5. Add https://auth.moonkey.fun/api/v1/oauth/callback as an authorized redirect URI
  6. Copy your Client ID and Client Secret
Required scopes:
  • openid
  • email
  • profile
Google OAuth may not work in in-app browsers (like those embedded in social media apps) due to Google’s security restrictions. Consider enabling additional login methods for broad compatibility.
Creating an Apple OAuth application:
  1. Visit Apple Developer Portal
  2. Create a new Services ID under Certificates, Identifiers & Profiles
  3. Enable Sign in with Apple capability
  4. Configure the redirect URL: https://auth.moonkey.fun/api/v1/oauth/callback
  5. Create a private key for your Services ID
  6. Note your Team ID, Services ID, and Key ID
You’ll need to provide:
  • Team ID: Your Apple Developer team identifier
  • Services ID: Your application’s services identifier
  • Key ID: The identifier for your Sign in with Apple key
  • Private Key: The .p8 private key file

Testing your configuration

After enabling login methods, test each one in your development environment:
  1. Initialize the MoonKey SDK with your development App ID
  2. Attempt to authenticate using each enabled method
  3. Verify users can successfully log in and their data appears in the dashboard
  4. Test the user experience across different browsers and devices
Always test authentication flows in a development app before deploying to production. This prevents disruptions to existing users.

Best practices

Security:
  • Store OAuth credentials securely and never commit them to version control
  • Use separate apps and credentials for development, staging, and production
  • Regularly rotate OAuth secrets according to your security policies
User experience:
  • Enable multiple authentication methods to accommodate different user preferences
  • Provide clear messaging about which login methods are available
  • Consider regional availability when choosing authentication options
Compliance:
  • Review each OAuth provider’s terms of service and usage requirements
  • Ensure your privacy policy covers data collected through social logins
  • Maintain compliance with data protection regulations (GDPR, CCPA, etc.)