Skip to main content
TinyCloud uses Sign-In with Ethereum (SIWE) for authentication. Users prove wallet ownership to establish sessions that authorize access to their space.

How SIWE Works

The authentication flow follows three steps regardless of which SDK you use:
1

Connect wallet

The user connects their Ethereum wallet. In the browser, this triggers a popup (MetaMask, WalletConnect, etc.). In Node.js, the SDK derives the address from the provided private key.
2

Sign SIWE message

The SDK constructs a SIWE message containing the domain, address, chain ID, and requested capabilities (via ReCap). The user (or private key) signs this message to prove ownership.
3

Session established

TinyCloud verifies the signature, creates the user’s space if needed, and issues a session. The session key can perform operations on behalf of the user until it expires.
SIWE authentication flow

Web SDK Sign-In

Calling signIn() in the browser triggers the wallet popup for the user to approve. 
import { TinyCloudWeb } from '@tinycloud/web-sdk';

const tc = new TinyCloudWeb({
  notifications: { popups: true },
  persistence: { autoResumeSession: true },
});

await tc.signIn();
console.log('Signed in:', tc.userAuthorization.getSpaceId());

Web SDK Configuration Reference

OptionTypeDefaultDescription
tinycloudHostsstring[]['https://node.tinycloud.xyz']TinyCloud node endpoints
spacePrefixstring''Prefix for space ID derivation
autoCreateSpacebooleantrueCreate space on first sign-in
kvPrefixstring''Prefix prepended to all KV keys

Node SDK Sign-In

The Node SDK signs the SIWE message automatically using the provided private key — no user interaction required. 
import { TinyCloudNode } from '@tinycloud/node-sdk';

const tc = new TinyCloudNode({
  privateKey: process.env.WALLET_PRIVATE_KEY,
  host: 'https://node.tinycloud.xyz',
  prefix: 'my-app',
});

await tc.signIn();
console.log('Signed in:', tc.spaceId);

Node SDK Configuration Reference

OptionTypeDefaultDescription
privateKeystring-Ethereum private key (hex). Omit for session-only mode.
hoststring'https://node.tinycloud.xyz'TinyCloud node endpoint
prefixstring''Prefix for space ID derivation
autoCreateSpacebooleantrueCreate space on first sign-in
sessionExpirationMsnumber86400000 (24h)Session TTL in milliseconds
Never hardcode private keys in source code. Always use environment variables or a secrets manager.

Session-Only Mode (Node SDK)

You can create a TinyCloudNode instance without a private key. This creates a session-only client that cannot sign in on its own but can receive delegations from other users. 
import { TinyCloudNode } from '@tinycloud/node-sdk';

// No privateKey -- session-only mode
const tc = new TinyCloudNode({
  host: 'https://node.tinycloud.xyz',
});

// tc.signIn() would fail -- no private key to sign with

// But this client can receive and use delegations
const access = await tc.useDelegation(portableDelegation);
const result = await access.kv.get('shared/document');
Session-only mode is useful for services that only need to read delegated data, such as a read-only dashboard or a webhook consumer.

Session Persistence

Sessions can be persisted so users do not need to re-authenticate on every page reload or process restart.
The Web SDK supports three storage backends:
const tc = new TinyCloudWeb({
  persistence: {
    autoResumeSession: true,
  },
  sessionConfig: {
    // 'localStorage' - persists across tabs and browser sessions
    // 'sessionStorage' - clears when the tab closes
    // 'memory' - clears on page reload (default)
    storageType: 'localStorage',
  },
});

// On subsequent page loads, the session is automatically restored
// if autoResumeSession is true and a valid session exists
You can also manually check for an existing session:
const resumed = await tc.tryResumeSession();

if (resumed) {
  console.log('Session restored');
} else {
  await tc.signIn(); // Fresh sign-in required
}

Session Expiry

Sessions have a limited lifetime. When a session expires, operations will fail and the user must re-authenticate. 
// Configure expiry duration
const tc = new TinyCloudWeb({
  sessionConfig: {
    storageType: 'localStorage',
    expirationTime: '24h', // Session duration
  },
});

// Check if the current session is still valid
if (tc.isSessionExpired()) {
  await tc.signIn(); // Re-authenticate
}
For long-running Node.js services, use FileSessionStorage combined with a try/catch around operations to automatically re-authenticate when the session expires.

Sign Out

Clear the current session and remove persisted credentials. 
await tc.signOut();
// Session cleared from localStorage/sessionStorage/memory
After signing out, all operations will fail until a new signIn() is completed. Persisted sessions are deleted permanently.

Node SDK Sign Strategies

The Node SDK supports multiple strategies for how the SIWE message is signed, giving you control over the approval flow.
Signs immediately using the provided private key. Best for automated services.
const tc = new TinyCloudNode({
  privateKey: process.env.WALLET_PRIVATE_KEY,
  // signStrategy defaults to 'auto'
});

await tc.signIn(); // Signs instantly, no interaction

Complete Example

A full authentication flow with session persistence and expiry handling: 
import { TinyCloudWeb } from '@tinycloud/web-sdk';

const tc = new TinyCloudWeb({
  tinycloudHosts: ['https://node.tinycloud.xyz'],
  spacePrefix: 'my-app',
  autoCreateSpace: true,
  notifications: { popups: true },
  persistence: { autoResumeSession: true },
  sessionConfig: { storageType: 'localStorage' },
});

async function ensureAuthenticated() {
  // Try to resume an existing session first
  const resumed = await tc.tryResumeSession();

  if (!resumed || tc.isSessionExpired()) {
    // No valid session -- trigger wallet sign-in
    await tc.signIn();
  }

  console.log('Space:', tc.userAuthorization.getSpaceId());
}

async function handleSignOut() {
  await tc.signOut();
  console.log('Signed out');
}