
Token Gating

An example of building a SlashAuth app using token gating for ENS wallet holders.
The SlashAuth service provides authorization for your apps via token and NFT gating. Token gating means blocking operations or access to resources unless the user's wallet holds specific tokens. Learn more about how token gating can improve your app's user experience in Token Gating Use Cases.
Web applications often handle authorization via role-based access control (RBAC). This allows apps to have different access levels per user, per group, or any other role. For instance, if you've ever used Google Docs, the role-based access control system allows editors, commenters, and viewers on any doc to be different, and roles can be applied to individual users or full organizations.
SlashAuth provides similar gating functionality using tokens. Instead of designating ahead of time which users or groups have access, simply designate the token or tokens required to access your API. SlashAuth takes care of the rest.

Example

SlashAuth helps secure your application by only allowing holders of specific tokens to access resources. This guide shows you how to block access to your app unless the logged-in wallet has an ENS (Ethereum Name Service) address.
The ENS address contract 0x57f1887a8bf19b14fc0df6fd9b2acc9af147ea85 implements the ERC721 (NFT) standard, so we will set the token requirement to 1 token from that contract.
NOTE: Adding a gate does not stop a user from authenticating to your app; authentication only proves they own the wallet they claim to own. Use the hasRole API to determine whether the user has the correct authorization. This article explains more about the difference between Authorization and Authentication.
We recommend having already gone through the Quickstart guide before building a token gated app. That guide will help you get familiar with SlashAuth.

Configure SlashAuth

Add a token requirement

We will create a new app similar to how we did it in the Guide. This time we'll add a new requirement.
Add a new role in the role config tab. The name is case sensitive and is how we will refer to the role. If you choose a different name, the Quickstart guide will NOT work out of the box, as this role name is hardcoded.
Enable the Token gating section in your app edit flow, select ERC721 as the contract type and add the ENS contract address 0x57f1887a8bf19b14fc0df6fd9b2acc9af147ea85 as the address. Leave the quantity set to 1.
That's it! You've made this app gated to allow only holders of an ENS domain name. It's really that easy.
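
The NOTE above means the gate only takes effect where your code checks the role, so a protected handler has to treat "logged in" and "holds the role" as separate questions. The following is an added example, not SlashAuth's own code: `decide`, `gateRequest`, `hasRoleFn` and the `ROLE_NAME_PLACEHOLDER` value are hypothetical, and `hasRoleFn` is a stand-in for the hasRole call, not the SDK's signature.

```javascript
// Added example. All names here are hypothetical; hasRoleFn stands in for
// the hasRole call and is NOT the SlashAuth SDK's signature.
const REQUIRED_ROLE = "ROLE_NAME_PLACEHOLDER"; // exact, case-sensitive name from the role config tab

// Pure decision. `session` is the authentication result (wallet ownership
// proven at login); `outcome` is the authorization result for REQUIRED_ROLE.
function decide(session, outcome) {
  // Not logged in at all: authentication failure.
  if (!session || typeof session.wallet !== "string" || session.wallet === "") {
    return { status: 401, reason: "not authenticated" };
  }
  // Role check errored or never ran: deny rather than fall through.
  if (!outcome || outcome.error) {
    return { status: 403, reason: "role check unavailable" };
  }
  // Only a literal boolean true grants access ("true", 1, {} do not).
  if (outcome.granted !== true) {
    return { status: 403, reason: "wallet lacks required role" };
  }
  return { status: 200, reason: "ok" };
}

// Async wrapper for a request handler: runs the role check, then decides.
async function gateRequest(session, hasRoleFn) {
  if (!session || !session.wallet) return decide(session, null);
  try {
    const granted = await hasRoleFn(session.wallet, REQUIRED_ROLE);
    return decide(session, { granted });
  } catch (error) {
    return decide(session, { error });
  }
}

// Constructed sample data: one wallet holds the role, one does not.
const SAMPLE_ROLES = {
  "0x1111111111111111111111111111111111111111": ["ROLE_NAME_PLACEHOLDER"],
  "0x2222222222222222222222222222222222222222": [],
};
// Stub role service with exact string matching, so a role name that differs
// only in case is not granted.
const stubHasRole = async (wallet, role) =>
  (SAMPLE_ROLES[wallet] || []).includes(role);

// An authenticated wallet without the role is still refused.
gateRequest({ wallet: "0x2222222222222222222222222222222222222222" }, stubHasRole)
  .then((r) => console.log(r.status, r.reason));
```

Run the check on the server for every protected operation; a role check that exists only in client-side code can be skipped by the client.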