Base URL
All API requests should be made to:Prerequisites
Before using Core API, you’ll need to:Create a Magic Account
Visit the Magic Dashboard and sign up for a Magic developer account.
Authentication
Core API requires authentication using your Magic secret key for all requests:Your Magic secret key for service authentication. Format:
sk_live_XXXXXXXXv2 Authorization Model
In addition to the secret key, v2 operations require a short-lived operation JWT (op_jwt).
Wallet Creation
When creating a wallet, passauth_jwt — the user’s JWT from your identity provider. The enclave cryptographically binds the new wallet to this identity at creation time.
Signing Operations
Every signing request requires anop_jwt: a short-lived JWT for the specific user. The Nitro Enclave verifies this JWT offline against JWKS baked into the enclave image, and confirms the caller’s identity matches the wallet’s owner before authorizing the operation.
JWT Requirements
Bothauth_jwt (wallet creation) and op_jwt (signing) must satisfy the following:
| Requirement | Details |
|---|---|
Issuer (iss) | Required. Must match your configured identity provider. |
Subject (sub) | Required. Uniquely identifies the user — used to bind the wallet to their identity. |
Expiry (exp) | Required. Must be present and not expired. For op_jwt, keep expiry to 5 minutes or less. |
Issued at (iat) | Required. Must not be in the future. |
Audience (aud) | Required. Must match your application’s configured audience. |
Algorithm (alg) | Must be an asymmetric algorithm (e.g. RS256, ES256). none and symmetric algorithms are rejected. |
Key ID (kid) | Required in the JWT header. Must resolve to a key in your IdP’s JWKS. |