Authenticate with HAT PDA

The HAT PDA is an API-only service, meaning it does not enforce a specific application or user interface to expose the data to the user. Instead, authentication happens using the HAT APIs and a JSON Web Token (JWT). Each HAT PDA runs as a separate server and has a publicly-reachable address (such as All calls in this documentation are therefore executed against an individual HAT PDA. You can learn more in the HAT documentation.


The steps in logging in with a HAT PDA are:

  1. You send the user to the /hatlogin endpoint on their HAT PDA, such as
  2. The HAT PDA owner enters their login details in the login screen and verifies the service they are logging into
  3. The user gets redirected back to the address you have provided, with an authentication token in a query parameter. You validate the token against the HAT PDA’s public key, which tells you that the user owns the specific HAT PDA, and log them in.
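
Step 3 is where the security decision is made. The following Node.js sketch is an added example, not HAT's own code, showing what validating the redirect token against the PDA's public key involves. The query parameter name `token`, the RS256 algorithm, the use of the `iss` claim for the PDA address, and all hostnames and keys are assumptions constructed for the example.

```javascript
const crypto = require("crypto");

// Constructed stand-in for the HAT PDA's key pair; a real client only ever holds the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Sample-data helper only: mints a token the way the PDA is assumed to (RS256).
function signSample(claims, header = { alg: "RS256", typ: "JWT" }) {
  const input = `${b64url(header)}.${b64url(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url");
  return `${input}.${sig}`;
}

// Validates the token carried by the redirect. `paramName`, RS256 and the `iss` check
// are assumptions of this example, not taken from the HAT documentation.
function verifyCallback(callbackUrl, pdaPublicKey, expectedIssuer, paramName = "token") {
  const token = new URL(callbackUrl).searchParams.get(paramName);
  if (!token) throw new Error("no token in redirect");
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  // Pin the algorithm: never let the token itself select "none" or a symmetric scheme.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), pdaPublicKey, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= Date.now()) throw new Error("expired");
  // Bind the token to the PDA the user was sent to, not just to any valid key.
  if (claims.iss !== expectedIssuer) throw new Error("token issued by a different PDA");
  return claims;
}

// Returns the rejection reason, or null when the token is accepted.
function rejectionReason(url, issuer) {
  try { verifyCallback(url, publicKey, issuer); return null; } catch (e) { return e.message; }
}

const ISSUER = "alice.hat.example"; // constructed PDA address
const now = Math.floor(Date.now() / 1000);
const good = signSample({ iss: ISSUER, exp: now + 300 });
const callback = (t) => `https://app.example/callback?token=${t}`; // constructed redirect address

console.log("valid token:", rejectionReason(callback(good), ISSUER));
console.log("alg none:", rejectionReason(callback(`${b64url({ alg: "none" })}.${good.split(".")[1]}.`), ISSUER));
```

Only log the user in after every check passes; a token that merely decodes proves nothing about who issued it.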