Get started

Overview

This page guides you through the process of getting started with the Ronin Account Service. After completing the steps, you will be able to implement authentication with Ronin Account using the provided Ronin Account API.

Prerequisites

A developer account. To sign up, visit the Ronin Developer Console.

Steps

Step 1. Request access to Ronin Account

  1. Go to the Ronin Developer Console.
  2. Create a new app or select an existing app.
  3. Select your app, then go to App Permission > Waypoint Account Service > Request Access.
  4. Fill out the form and submit the request.

After your request is approved, you can see a Ronin Account menu in the list of products.

Step 2. Configure Ronin Account settings

To configure the client-side Ronin Account settings, go to the Ronin Developer Console, then your app > Ronin Account.

  1. In CLIENT SECRET, generate your client secret string. The client secret and your API key are the two required credentials to authenticate your requests to the Ronin Account Service.
  2. In GRANT TYPE, define how your app will obtain access tokens from the Ronin Account Service. Choose the grant type that best suits your development environment and security needs:
    • Authorization Code: this is an established flow for both web and mobile apps. It involves a two-step process:
      • Authorization code flow (frontend): the user is redirected to the Ronin Account authorization server for login and consent. Upon successful authorization, the server redirects the user back to your application with an authorization code.
      • Token exchange flow (backend): your app securely exchanges the authorization code for an access token using a server-to-server request to the Ronin Account token endpoint. This keeps sensitive credentials like client secrets away from the client side.
    • Refresh Token: this token allows your app to obtain a new access token without requiring the user to re-authenticate, extending the access token's lifespan. This is typically used alongside the Authorization Code grant.
    • Implicit: this simplified flow retrieves the access token directly in the browser after user consent. While convenient, it exposes the access token in the URL fragment, making it vulnerable to interception. This method is generally not recommended for production use due to security risks.
    • Resource Owner Credentials: this flow allows your app to directly exchange user credentials (username/password) for an access token. Ronin Account only supports this flow with Ronin Wallet for specific use cases. Due to the security implications of sharing user credentials, use this option cautiously and only if other flows are not suitable.
  3. Add URIs for signing in (the location to which you want the user to be redirected after the authorization is complete) and signing out (the location where the user is redirected after logging out of your app).
  4. Save the settings.
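
The two legs of the Authorization Code grant described above, as an added sketch that is not Ronin's own code: the frontend leg builds the redirect with a one-time state value, and the backend leg checks the callback against the registered sign-in URI and the stored state before preparing the token exchange. The endpoint URLs, client ID, and function names are placeholders (assumptions); the parameter names are the standard OAuth 2.0 ones, and how the API key is attached to requests is not covered on this page, so it is left out.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions): take the real endpoints from the Ronin Account API
# reference and the client values from your app in the Developer Console.
AUTHORIZE_URL = "https://auth.example.invalid/oauth2/auth"
TOKEN_URL = "https://auth.example.invalid/oauth2/token"
CLIENT_ID = "constructed-client-id"
REDIRECT_URI = "https://app.example.invalid/callback"  # the sign-in URI saved in step 3


def begin_login(session: dict) -> str:
    """Frontend leg: build the URL the browser is redirected to for login and consent."""
    session["oauth_state"] = secrets.token_urlsafe(32)  # ties the callback to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session: dict, callback_url: str, client_secret: str) -> dict:
    """Backend leg: validate the redirect, then return the form to POST to TOKEN_URL."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered sign-in URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    expected = session.pop("oauth_state", "")  # single use: a replayed callback fails
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    # Sent server-to-server only, so the client secret never reaches the browser.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    }
```

Load the client secret from server-side configuration or a secrets manager rather than from source code or anything shipped to the client.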

Next steps

Use Ronin Account for authentication