- Wallet signatures for user-owned recovery and probate records.
- Developer sessions for the hosted developer dashboard.
- API key headers for server-side partner integrations.
Developer Dashboard
Use the hosted app’s developer section to create a developer account and manage credentials:- Register or sign in with email and password.
- Create up to five active API keys.
- Copy the API key secret once at creation time.
- Revoke keys that should no longer be accepted.
Password Requirements
Developer passwords must be 8 to 32 characters and include:- One uppercase letter.
- One lowercase letter.
- One number.
- One special character.
API Key Authentication
Server-side integrations should send both API key headers:Browser Integrations
Do not exposex-api-secret in browser code.
For browser-based wallet apps, either:
- Link users to
https://app.jurat.io. - Use wallet-signature endpoints directly from an allowlisted origin.
- Proxy privileged calls through your own backend.
Hosted App Proxy
The hosted Jurat app uses same-origin Next.js API routes for dashboard and wallet calls. Those routes forward to the recovery backend and keepUI_CLIENT_ID, UI_CLIENT_SECRET, cookies, and developer credentials on the server side.
Use this pattern if you embed Jurat flows in a browser app and need a private server-side hop.
Session Endpoints
Developer dashboard sessions use HTTP-only cookies:issue-anon-jwt is for Jurat-owned UI clients. It requires UI_CLIENT_ID and UI_CLIENT_SECRET and should not be called directly from public browser code.