
# Identity (optional)

The identity layer lets a user reach the same dWallet from any client without copying a key around. It is **opt-in per deployment**. Check [`/capabilities`](https://api.andromedainfra.pro/capabilities) to see whether the deployment you call has it enabled, and which providers are active. When it is disabled, the API behaves exactly as the rest of this documentation describes; there is nothing extra to configure on your side.

## Deterministic wallet addresses

The core idea: the dWallet address is derived from the identity, not stored against it.

```
walletAddress = sha256("<provider>:<subject>")
```

`provider` is something like `google` or `apple`; `subject` is the stable account identifier that provider returns. Because the derivation is deterministic, any client that authenticates the same account computes the same `walletAddress`. That is why recovery works across clients: a user who logs in with the same Google account on a new device lands on the same dWallet.

## What counts as an identity

* **OAuth**: Google, Apple, Twitter, GitHub (each enabled individually by the deployment).
* **Email magic link**: the user proves control of an email address. Endpoints: `POST /v1/identity/email/request` and `POST /v1/identity/email/verify`.
* **Passkey-as-identity**: a WebAuthn passkey with the PRF extension, used as the identity material.

## Account linking

A user can link several identities to one primary wallet. A link record (an alias) points `provider:subject` to the primary `walletAddress`. When Andromeda resolves a wallet, it checks links first and only falls back to deriving from the identity directly. So linking a second login does not create a second wallet; it points at the existing one.

## Anti-enumeration

`POST /v1/identity/email/request` always returns `200 OK`, even when the address is unknown, rate-limited, or the mail transport failed. An attacker cannot use it to discover which emails have accounts. Failures are recorded server-side with a trace id; from the client you only ever see success.

## Single-use tokens

Email links, OAuth state values, passkey challenges and refresh tokens are all single-use. They are consumed atomically (an update or delete gated on "not yet consumed"), so two concurrent verifications cannot both succeed.
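One way to implement the gated consume described above, as an added example rather than Andromeda's own code. The SQLite store, the `tokens` schema, the expiry column, the hashed token storage and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import threading
import time

DB_LOCK = threading.Lock()  # guards the shared demo connection only

def open_store():
    db = sqlite3.connect(":memory:", check_same_thread=False, isolation_level=None)
    db.execute("CREATE TABLE tokens (digest TEXT PRIMARY KEY, purpose TEXT NOT NULL,"
               " expires_at REAL NOT NULL, consumed_at REAL)")
    return db

def digest(token):
    # Assumption: only a hash is stored, so a database read yields no usable token.
    return hashlib.sha256(token.encode()).hexdigest()

def issue(db, purpose, ttl_seconds=600):
    token = secrets.token_urlsafe(32)
    with DB_LOCK:
        db.execute("INSERT INTO tokens VALUES (?, ?, ?, NULL)",
                   (digest(token), purpose, time.time() + ttl_seconds))
    return token

def consume(db, token, purpose):
    """True for exactly one caller per token; False for every replay."""
    now = time.time()
    with DB_LOCK:
        # Check and mark happen in one statement: the WHERE clause is the gate,
        # so no window exists between "is it unused?" and "mark it used".
        cur = db.execute(
            "UPDATE tokens SET consumed_at = ? WHERE digest = ? AND purpose = ?"
            " AND consumed_at IS NULL AND expires_at > ?",
            (now, digest(token), purpose, now))
        return cur.rowcount == 1

def race(db, token, purpose, workers=8):
    """Run concurrent verifications of one token; return how many succeeded."""
    results = []
    threads = [threading.Thread(
        target=lambda: results.append(consume(db, token, purpose)))
        for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)
```

The caller acts on the token only when `consume` returns `True`; a separate "look up, then mark used" pair of statements would let two concurrent requests both pass the lookup.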

## Your data (GDPR)

When identity is enabled, a user can export everything identifiable about them (`GET /me/export`, a JSON dump) or delete it (`DELETE /me`, a cascading purge of all linked records). The dWallet itself lives on-chain and is not deleted by this; that limitation is stated to the user. See [Your data (GDPR)](/hub/andromeda/guides/gdpr.md).

## What identity does not change

Identity only **derives** the `walletAddress` that the signing engine already uses. It does not change the MPC protocol, the policies, or the custody model. A deployment without identity still does everything else in this documentation.


