
OpenKitx403

$ HTTP-native wallet authentication for Solana. Uses HTTP 403 as the primitive. Wallets sign challenges. No custom protocols. No account secrets.

$ npm install @openkitx403
$ open-source·mit-license·production-ready·v0.1.0

$ why-403

// HTTP 403 Forbidden is the protocol's foundation. It's a standard HTTP status code. Wallets sign challenges. No custom transport. No new layer. Open standard, battle-tested semantics.

$ protocol features

// Built for production, designed for developers

HTTP-Native

Standard HTTP 403 challenges, no custom protocols

Stateless Design

No required server-side session storage

Ed25519 Signatures

Cryptographic proof of wallet ownership

Replay Protection

Nonce-based prevention with configurable store

Request Binding

Signatures coupled to method, path, and origin

Token Gating

Built-in support for NFT/token requirements

Multi-Framework

Express, Fastify, FastAPI with drop-in middleware

Type-Safe

Full TypeScript support and Python type hints

Production Ready

Battle-tested, documented, and fully tested

4 production packages
5,450+ lines of code
100% open source

$ 403-challenge-flow

// 3-step cryptographic authentication

1. [REQUEST] $ GET /protected
   client initiates request to protected resource

2. [CHALLENGE] $ 403 + nonce
   server returns 403 with WWW-Authenticate header containing nonce

3. [AUTH] $ Sign & Retry
   client signs challenge with wallet, retries with Authorization header

[RESULT]

Server verifies signature, request binding, and nonce validity. On success, returns 200 OK with protected resource. No passwords. No secrets stored on server.

$ installation & setup

TYPESCRIPT CLIENT

// Browser + Node.js

npm install @openkitx403/client

Supports Phantom, Backpack, and Solflare wallets

TYPESCRIPT SERVER

// Express + Fastify

npm install @openkitx403/server

Drop-in middleware with replay protection

PYTHON SERVER

// FastAPI

pip install openkitx403

FastAPI middleware with async support

PYTHON CLIENT

// Server-side scripts

pip install openkitx403-client

Authenticate with Solana keypairs

// Quick Start

1. Install package

npm install @openkitx403/client

2. Connect wallet

await client.connect('phantom')

3. Authenticate

await client.authenticate({ resource: 'https://api.example.com' })


Well Tested

800+ lines of tests across all packages

Documented

Complete docs, examples, and protocol spec

$ quick start

// browser client

import { OpenKit403Client } from '@openkitx403/client';

const client = new OpenKit403Client();
await client.connect('phantom');
const result = await client.authenticate({ resource: 'https://api.example.com/data' });
console.log('✅', result.address);

$ install

npm install @openkitx403/client

// express server

import express from 'express';
import { createOpenKit403, inMemoryLRU } from '@openkitx403/server';

const app = express();
const openkit = createOpenKit403({
  issuer: 'my-api',
  audience: 'https://api.example.com',
  replayStore: inMemoryLRU()
});

app.use(openkit.middleware());
app.get('/data', (req, res) => {
  res.json({ wallet: req.openkitx403User.address });
});

$ install

npm install @openkitx403/server express

// python fastapi

from fastapi import FastAPI, Depends
from openkitx403 import OpenKit403Middleware, require_openkitx403_user

app = FastAPI()
app.add_middleware(
    OpenKit403Middleware,
    audience="https://api.example.com",
    issuer="my-api",
)

@app.get("/data")
async def protected(user=Depends(require_openkitx403_user)):
    return {"wallet": user.address}

$ install

pip install openkitx403 fastapi

// python client

from solana.keypair import Keypair
from openkitx403_client import OpenKit403Client

keypair = Keypair.generate()
client = OpenKit403Client(keypair)
response = client.authenticate('https://api.example.com/data')
print(response.json())

$ install

pip install openkitx403-client

[MORE_EXAMPLES]

> See USAGE_EXAMPLES.md in the source package for 8 complete sections including Node.js, Fastify, LangChain integration, and AI agent patterns.

$ security --model

[OK] ed25519 signatures: cryptographic proof of wallet ownership
[OK] request binding: signatures coupled to method, path, origin
[OK] replay protection: nonce validation + timestamp checks
[OK] zero key exposure: private keys never leave wallet
[OK] stateless verification: scale without session management