Manage cryptographic key material and sign on behalf of your users.

See full API documentation here.

import { identClientFactory, vaultClientFactory } from 'provide-js';
const appId = '<provide app id>'; // the app id
const appAccessToken = '<signed jwt>'; // application token
// initialize ident instance for the application
const ident = identClientFactory(accessToken);
// create a virtual application user
const virtualUser = await ident.createUser({
application_id: appId,
email: `joe.user.${new Date().getTime()}`,
first_name: 'Joe',
last_name: 'User',
console.log(; // associate this id with your local user
const userAccessToken = (await ident.createToken({
application_id: appId,
scope: 'offline_access',
const org = await ident.createOrganization({
name: 'Acme Inc.',
const orgAccessToken = (await orgIdent.createToken({
scope: 'offline_access',
// the refresh token is also returned here and should also be persisted
// and used to create future access tokens...
// initialize a vault client instance for the organization
const vault = vaultClientFactory(orgAccessToken);
// create a vault for the organization
const orgVault = await vault.createVault({
name: `${} Vault`,
description: `${} vault instance`,
// create a secp256k1 keypair for the organization...
const key = await vault.createVaultKey(, {
type: 'asymmetric',
usage: 'sign/verify',
spec: 'secp256k1',
name: `${} ETH keypair`,
description: `${} ETH keypair`,