Skip to main content
POST
/
v1
/
admin
/
dev-auth
/
token
Admin Dev Auth Token
curl --request POST \
  --url https://api.glider.fi/v1/admin/dev-auth/token \
  --header 'X-API-KEY: <api-key>'
This endpoint mints a short-lived signed dev-auth token for browser development/testing against local or staging platform-api targets.

Scope

  • Internal-only
  • Disabled for production use
  • Protected by ADMIN_AUTH_SECRET_TOKEN

Request

Headers:
  • Authorization: Bearer <ADMIN_AUTH_SECRET_TOKEN>
  • Content-Type: application/json
Body: 
{
  "primaryWallet": "0x1000000000000000000000000000000000000001",
  "linkedWallets": [
    {
      "address": "11111111111111111111111111111111",
      "chainType": "solana",
      "vm": "solana"
    }
  ],
  "userId": "dev-user-1",
  "vmPreference": "evm",
  "expiresInSeconds": 900,
  "issuer": "webapp-v2-debug"
}
Fields:
  • primaryWallet: required canonical wallet for the synthetic session
  • linkedWallets: optional additional linked wallets
  • userId: optional synthetic user id override
  • vmPreference: optional preferred VM for wallet routing
  • expiresInSeconds: optional TTL override
  • issuer: optional issuer override

Response

{
  "claims": {
    "exp": 1775748004,
    "iat": 1775747104,
    "iss": "webapp-v2-debug",
    "jti": "01KNSCD020RXBWYYCTWF085NMB",
    "linkedWallets": [
      {
        "address": "0x1000000000000000000000000000000000000001",
        "chainId": 8453,
        "chainType": "ethereum",
        "vm": "evm"
      }
    ],
    "primaryWallet": "0x1000000000000000000000000000000000000001",
    "typ": "dev-auth",
    "userId": "dev-user-1",
    "vmPreference": "evm"
  },
  "token": "<signed-token>"
}
Use the returned token as: 
x-glider-dev-auth-token: <signed-token>

Runtime Behavior

platform-api treats accepted dev-auth tokens as wallet-backed sessions for:
  • owner reads
  • wallet routing
  • realtime subscription ticket issuance
  • feature-flag lookups
The token is rejected when:
  • the runtime is production
  • DEV_AUTH_TOKEN_SECRET is unset
  • the token is expired or malformed
  • the wallet claims are invalid