342, Old York Rd, NY 08083

09:00 AM to 07:00 PM ( Mon - Sat )

Galxe ID SDK: A Comprehensive Guide to Integrating Galxe Identity Verification into Your Application | Help Center – Galxe

Data Galxe (GAL)

Copyright (c) 2023, Intercom, Inc. ([email protected]) with Reserved Font Name “Poppins”. This Font Software is licensed under the SIL Open Font License, Version 1.1. Copyright (c) 2023, Intercom, Inc. ([email protected]) with Reserved Font Name “Inter”. This Font Software is licensed under the SIL Open Font License, Version 1.1.

Table of contents
Galxe ID SDK: A Comprehensive Guide to Integrating Galxe Identity Verification into Your Application
Galxe ID SDK: A Comprehensive Guide to Integrating Galxe Identity Verification into Your Application

Learn how to integrate Galxe ID SDK into your applications for secure and seamless identity verification.

Written by Operation Team
Updated over a week ago
Table of contents

Galxe ID SDK seamlessly integrates Galxe identity and authentication features into your applications. Empower your users with secure authentication and access to Galxe Passport, a comprehensive digital identity management solution.

Benefits of Galxe ID SDK Integration:

Seamless User Experience: Provide a frictionless login and registration process by enabling users to authenticate with their Galxe Passport credentials, eliminating the need for traditional usernames and passwords.

Enhanced Security: Leverage Galxe ID SDK’s robust encryption and security protocols to ensure the utmost protection of user data, establishing a highly secure and trusted identity management solution.

Simplified KYC Processes: Streamline KYC compliance by allowing users to store and manage verified identity documents within Galxe Passport. Integrate Galxe ID SDK to automate and streamline your KYC processes, reducing manual efforts and enhancing operational efficiency.

Access to User-Approved Data: With user consent, authorized partners can request specific user data stored in Galxe Passport, enabling personalized experiences, tailored services, and improved customer engagement.

Note: Galxe ID SDK is currently limited to third-party website integration for user consent. To retrieve user information on Galxe campaigns, integrate the SDK into your website to obtain the necessary permissions. Discover the power of Galxe ID SDK and elevate your app’s identity management with Galxe Passport integration.

Access Galxe ID SDK Integration Guide

Note: Make sure to have your Galxe ID SDK application approved before proceeding with the integration.

Getting Started

To get started, please apply by submitting a ticket through our Live Chat – Submit a Ticket – Integration Related and select “Galxe ID SDK Application”.


Galxe’s OAuth implementation supports the standard authorization code grant type for apps that don’t have access to a web browser.

Authorization flow

The request flow to authorize users for your app is as follows:

Users are redirected to request their Galxe identity.
Users are redirected back to your site by Galxe.
Your app accesses the API with the user’s access token.

Request a user’s Galxe identity

GET https://galxe.com/oauth


Available Scopes:



Required. The client ID you received from Galxe when you registered.

Required. A space-delimited list of scopes. If not provided, scope defaults to an empty list for users that have not authorized any scopes for the application.

Required. The URL in your application where users will be sent after authorization, also known as callback url.

Required. An unguessable random string. It is used to protect against cross-site request forgery attacks.

PKCE (Proof Key for Code Exchange) is an extension to the Authorization Code flow to prevent CSRF and authorization code injection attacks. PKCE is not a replacement for a client secret, and PKCE is recommended even if a client is using a client secret.

Encoding method, plain or S256 (sha256), S256 is recommended.

By default, the response will add the following parameter to your redirect_uri:


Ensure that you replace $ , $ , $ , and $ with the appropriate values specific to your application. When the user authorizes the request, they will be redirected to the specified redirect_uri with the authorization code ( code ) and the state value ( state ) as query parameters.

To obtain an access token, follow these steps:

After the user accepts your request, Galxe will redirect back to your site with a temporary code and the state you provided.

Extract the temporary code from the code parameter in the redirected URL.

Ensure that the state parameter received matches the state you provided earlier. If they don’t match, it may indicate a third party tampering with the request, and you should stop the process.

Exchange the temporary code for an access token by making a request to Galxe’s token endpoint.
The access token will be included in the response from the token endpoint.

Remember to handle the expiration of the temporary code, which typically lasts for 10 minutes, and implement appropriate error handling for any issues that may arise during the token exchange process.

To exchange the temporary code for an access token, you can use the following cURL command:

POST https://api.galxe.com/oauth/auth/2/token
curl -d 'client_id=$&client_secret=$&code=$&grant_type=authorization_code' -H "Content-Type: application/x-www-form-urlencoded" -X POST https://api.galxe.com/oauth/auth/2/token

Make sure to replace $ , $ , and $ with the actual values provided by Galxe. This command sends a POST request to the specified URL ( https://api.galxe.com/oauth/auth/2/token ) with the necessary parameters to obtain the access token. The response from the server will contain the access token.


Required. The client ID you received from Galxe for your OAuth App.

Required. The client secret you received from Galxe for your OAuth App.

Required. The code you received as a response to OAuth Authorize Step.

Plain string of code_challenge, only used when requiring code_challenge.

By default, the response takes the following form:

"expires_in": 86400,
"scope": "Twitter",
"token_type": "Bearer"

Refresh Access Token

POST https://api.galxe.com/oauth/auth/2/token
$ curl -d 'grant_type=refresh_token&refresh_token=$&client_id=$&client_secret=$' -H "Content-Type:application/x-www-form-urlencoded" -X POST https://api.galxe.com/oauth/auth/2/token


Required. The token generated when the Galxe App owner enables expiring tokens and issues a new user access token.

Required. Value must be refresh_token (required by the OAuth specification).

Required. The client ID for Galxe App.

Required. The client secret for Galxe App.

"expires_in": 86400,
"scope": "Twitter Discord",
"token_type": "Bearer"

Get Access Token Detail

Authorization: Bearer $
GET https://api.galxe.com/oauth/api/2/token
$ curl -H "Authorization: Bearer $" https://api.galxe.com/oauth/api/2/token

Required. Append it to header.

 "client_id": "client_id", 
"expires_at": "2022-08-31 16:00:22.666401 +0800 CST",
"scope": "twitter discord",

Use the access token to access the API

Authorization: Bearer $
GET https://api.galxe.com/oauth/api/2/user
$ curl -H "Authorization: Bearer $" https://api.galxe.com/oauth/api/2/user?scope=Twitter%20Discord


Required. Append it to request header.

A space-delimited list of scopes of user data that your APP required. If not set, will set to access token related scope by default.

 "TwitterUsername": "twitter_username", 
"TwitterUserID": "twitter_userid",
"DiscordUsername": "discord_username"
"DiscordUserID": "discord_userid"


Authorized partners of Galxe can request to access user’s encrypted KYC data in their Galxe Passport through strict user consent. This document describes the workflow.

Assume an external company, XYZ, wants to access an user’s KYC data stored inside their Galxe Passport. From XYZ’s website, the user will first be redirected to https://galxe.com/passportauth, where they are prompted to connect their wallet and go through the passport decryption flow on the frontend using their own password.

Decrypted data will then be sent as HTTP POST request to XYZ’s endpoint.

For example, upon user decryption, they get the following JSON (this is what will be sent as POST payload to XYZ’s endpoint):


XYZ can then proceed to decode this data, as well as validate its signatures.

body.plain is a base64 encoded string. Decoding it as follows:

const decodedJson = JSON.parse(decoded.toString());
const bodyJson = JSON.parse(decodedJson.body);
const body = Buffer.from(bodyJson.plain, "base64").toString();
const kycData = JSON.parse(body);
 'evm-address': '0xb85b3D61439a3d70D3DF7913a3A764F352b32C55', 
governmentIDs: [
'first-name': 'ALEXANDER J',
'last-name': 'SAMPLE',
birthdate: '1977-07-17',
nationality: '',
'document-number': '',
sex: 'Male',
'country-code': 'US',
'id-class': 'dl',
'front-photo-key': 'https://withpersona.com/api/v1/files/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHNLd2ZaN0tSSSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--d5398835665b82ea98a17ff214c88af917aa752c/1666162205726629714.jpg',
'back-photo-key': 'https://withpersona.com/api/v1/files/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHNLd2ZYN0tSSSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--df48b20fa710a85862ae31c03ffc5adff077339f/1666162205726629714.jpg',
'identification-number': 'I1234562'
selfie: 'left-photo-key': 'https://withpersona.com/api/v1/files/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHNLd2NxS2FWSSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--4af4cf32853e44478400bf506f3a6875d8db6071/left_photo_processed.jpg',
'center-photo-key': 'https://withpersona.com/api/v1/files/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHNLd2NtS2FWSSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--46e940714f47df2e77ef2ece246f569af18837b4/center_photo_processed.jpg',
'right-photo-key': 'https://withpersona.com/api/v1/files/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHNLd2NyS2FWSSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--8cda1e12989cf81b1e5e86db82519eadf580ad50/right_photo_processed.jpg'
'passport-version': 'v1.1',
'persona-id': 'd31c25d5-258e-4478-ab86-4826da4e2598'

Note that persona photo urls are not publicly accessible. These URLs purely exist for legacy reasons.

Leave a Reply

Your email address will not be published. Required fields are marked *