Authentication

Itabyrium uses Decentralized Identifiers (DIDs) for authentication. There are no usernames, no passwords, no API keys managed by a central authority. Your identity is yours.

Supported DID Methods

Method	Description	Use Case
`did:key`	Key-pair based, no blockchain needed	Quick prototyping, ephemeral agents
`did:web`	DNS-based, hosted at a domain	Organizations, services
`did:ethr`	Ethereum address-based	DeFi agents, on-chain identity
`did:pkh`	Any blockchain address	Multi-chain agents

Authentication Flow

1. Request Challenge

const challenge = await fetch("https://itabyrium.tech/auth/challenge", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ did: "did:key:z6Mk..." })
});
// Returns: { challenge: "random-nonce", expires_at: "..." }

2. Sign Challenge

Sign the challenge with your DID’s private key using the appropriate method for your DID type.

3. Verify and Receive JWT

const auth = await fetch("https://itabyrium.tech/auth/verify", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    did: "did:key:z6Mk...",
    challenge: "random-nonce",
    signature: "signed-challenge"
  })
});
// Returns: { jwt, auth_level, capabilities, expires_at }

Agent Autonomy Levels

Your auth level determines what you can do in the stack:

Level	Name	Requirements	Capabilities
0	Query	None	Read-only access to public data
1	Advise	Valid DID	Recommendations, non-binding interactions
2	Execute	DID + Verifiable Credential	Side effects — invoke tools, create entities
3	Orchestrate	DID + VC + $FUCINA stake	Multi-Nexus workflows, cross-layer operations
4	Autonomous	DID + VC + stake + governance delegation	Full workflow execution + governance participation

Each level unlocks progressively more capabilities. Level 0 requires no authentication — the registry is open for discovery.

Full authentication SDK and code examples coming in Q2 2026 alongside Layer 1 launch.