OnDB provides multiple layers of security, including wallet-based authentication and encryption settings for your applications.
Wallet Authentication
OnDB Dashboard uses wallet authentication to ensure that only the wallet owner can manage their applications and API keys.
Connecting Your Wallet
- Navigate to app.ondb.ai
- Click Connect Wallet
- Approve the connection request in your wallet
- Your wallet address is now linked to your session
Session Management
After connecting your wallet, a secure session is created:
- Session Duration: 10 minutes
- Auto-Renewal: Sessions automatically renew when you sign a new message
- Secure Storage: Session tokens are stored in httpOnly cookies
Request Signing
All sensitive operations require cryptographic signature verification:
| Header | Description |
|---|---|
| X-Wallet-Address | Your wallet address |
| X-Timestamp | Request timestamp (5-minute validity window) |
| X-Signature | Base64-encoded signature |
| X-Pubkey | Your public key (base64-encoded) |
On-Chain Verification
Critical operations require on-chain transaction verification to prove wallet ownership:
Operations Requiring Verification
| Operation | Transaction Memo | Fee |
|---|---|---|
| Generate API Key | regenerate_key:{appId} | ~$0.001 USDC |
| Revoke API Key | revoke_key:{appId}:{keyHash} | ~$0.001 USDC |
| List API Keys | list_keys:{appId} | ~$0.001 USDC |
| Update Encryption | update_encryption:{appId} | ~$0.001 USDC |
Verification Flow
Encryption Settings
OnDB supports encryption for sensitive data at both the application and collection level.
Private Application
Making your application private encrypts all data by default:
- Go to your app’s Encryption tab
- Toggle Private App on
- Approve the on-chain verification transaction
Private Collections
You can also encrypt specific collections while keeping others public:
- Navigate to the Encryption tab
- Select collections to encrypt
- Save changes and approve the transaction
App Ownership
Each OnDB application is linked to a wallet address. Only the owner can:
- Generate, list, or revoke API keys
- Modify encryption settings
- Update app configuration
- View usage analytics
Ownership Verification
The Dashboard verifies ownership by:
- Checking your connected wallet address
- Comparing against the app’s owner_wallet field
- Returning 403 Forbidden if addresses don’t match
Application ownership cannot be transferred. To change ownership, create a new application with the desired wallet.
API Key Security
Key Format
App Keys are cryptographically generated tokens:
- Length: 64 characters
- Format: Alphanumeric with special characters
- Storage: Only the hash is stored server-side
Key Headers
When making API requests, include the appropriate headers:
Security Implementation
| Feature | Implementation |
|---|---|
| httpOnly Cookies | Session tokens protected from XSS |
| HMAC Signing | Token integrity verification |
| Timestamp Validation | 5-minute replay attack window |
| On-Chain Verification | Wallet ownership proof |
| Immediate Invalidation | Revoked keys stop working instantly |
| One-Time Display | Keys shown once, never stored in plaintext |
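The Key Format list and the Security Implementation table describe hash-only storage, one-time display and immediate invalidation. The following is an added example, not OnDB's own code, of one way a server can implement those properties; the SHA-256 hash, the special-character set and the KeyStore class are assumptions.

```python
import hashlib
import secrets
import string

# Assumption: the page only says "alphanumeric with special characters";
# this particular alphabet is chosen for illustration.
ALPHABET = string.ascii_letters + string.digits + "-_.~"
KEY_LENGTH = 64  # length stated under Key Format


def key_hash(key: str) -> str:
    """Digest kept server-side. SHA-256 is an assumption; a fast hash is
    acceptable here because the key is long and uniformly random."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


class KeyStore:
    """Hypothetical store that holds key hashes only, never plaintext."""

    def __init__(self) -> None:
        self._active: dict[str, str] = {}  # key hash -> app id

    def generate(self, app_id: str) -> str:
        """Create a key, persist its hash, return the plaintext exactly once."""
        key = "".join(secrets.choice(ALPHABET) for _ in range(KEY_LENGTH))
        self._active[key_hash(key)] = app_id
        return key

    def verify(self, app_id: str, presented: str) -> bool:
        """Accept only an active key that belongs to this app."""
        if len(presented) != KEY_LENGTH:
            return False
        # Lookup is by digest, so no secret is compared byte by byte.
        owner = self._active.get(key_hash(presented))
        return owner is not None and owner == app_id

    def revoke(self, app_id: str, digest: str) -> bool:
        """Revoke by hash (the plaintext is not needed); effective at once."""
        owner = self._active.get(digest)
        if owner is None or owner != app_id:
            return False
        del self._active[digest]
        return True

    def stored_values(self) -> list[str]:
        """Everything the server persists: digests only."""
        return list(self._active)
```

Because revocation takes the digest, the plaintext key never has to be sent again, which matches the keyHash field in the revoke_key memo.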
Troubleshooting
Session Expired
If you see “Session Expired” errors:
- Sign the authentication message in your wallet
- Your session will automatically renew
- The original request will be retried
Authorization Failed
If you receive 403 Forbidden errors:
- Verify you’re connected with the correct wallet
- Check that you own the application
- Ensure your session hasn’t expired