Skip to main content

Get started


This page guides you through the process of getting started with the Mavis Account service. After completing the steps, you will be able to implement authentication with Mavis Account using the provided OAuth 2.0 API.


A developer account. To sign up, visit the Developer Console.


Step 1. Request access to Mavis Account

  1. Go to the Developer Console.
  2. Create a new app or select an existing app.
  3. Select your app, then go to App Permission > Sky Mavis Account (OAuth 2.0) > Request Access.
  4. Fill out the form and submit the request.

When your request is approved, you will see OAuth 2.0 in the list of products.

Step 2. Configure OAuth 2.0 settings

To configure the client-side OAuth 2.0 settings, go to Developer Console > your app > OAuth 2.0.

  1. In CLIENT SECRET, generate your client secret string. The client secret and your API key are the two required credentials to authenticate your requests to the Mavis Account service.
  2. In GRANT TYPE, define how your app will obtain access tokens from the Mavis Account service. Choose the grant type that best suits your development environment and security needs:
    • Authorization Code: this is the most secure and widely-used flow for both web and mobile apps. It involves a two-step process:
      • Authorization code flow (frontend): the user is redirected to the Mavis Account authorization server for login and consent. Upon successful authorization, the server redirects the user back to your application with an authorization code.
      • Token exchange flow (backend): your app securely exchanges the authorization code for an access token using a server-to-server request to the Mavis Account token endpoint. This keeps sensitive credentials like client secrets away from the client-side.
    • Refresh Token: this token allows your app to obtain a new access token without requiring the user to re-authenticate, extending the access token's lifespan. This is typically used alongside the Authorization Code grant.
    • Implicit: this simplified flow retrieves the access token directly in the browser after user consent. While convenient, it exposes the access token in the URL fragment, making it vulnerable to interception. This method is generally not recommended for production use due to security risks.
    • Resource Owner Credentials: this flow allows your app to directly exchange user credentials (username/password) for an access token. Mavis Account only supports this flow with Ronin Wallet for specific use cases. Due to the security implications of sharing user credentials, use this option cautiously and only if other flows are not suitable.
  3. Add URIs for signing in (the location to which you want the user to be redirected after the authorization is complete) and signing out (the location where the user is redirected after logging out of your app).
  4. Save the settings.

Next steps

Use OAuth 2.0 for authentication

Was this page helpful?
Happy React is loading...