web10 DOCS | SDKs

web10 Home

web10 auth portal

web10 API page


Getting Started


SDK Installation (npm)

In your node application, run the following command.

Then, in your application you can import the package at the top.


wapi.js is the javascript file containing the web10 developers SDK.
the file can be found at : https://unpkg.com/web10-npm/dist/wapi.js


SDK Initialization (JS)

in order to use the web10 SDK, the main SDK object needs to be initialized by the developer.

wapiInit(authUrl, appStores, rtcServer)returns a wapi object registered to handle web10 authentication at the auth portal of the given authUrl. It registers the application to the provided list of app stores, and registers for P2P webrtc with the provided web10 webRTC server.

appStores and rtcServer are optional parameters, set respectively to appStores = ["https://api.web10.app"] and rtcServer = "rtc.web10.app" by default.




SDK Functions

once the wapi object is initialized, it provides a variety of functionalities for managing authentication and credentials.

wapi.isSignedIn()returns a boolean : whether the app is signed in.
wapi.signOut()signs the app out.
wapi.openAuthPortal()opens the registered web10 auth portal.
wapi.authListen(setAuth)listens for the auth portal to send a login token, and triggers the inputted callback function [setAuth]
wapi.readToken()reads the data fields of the web10token stored in the wapi object. if wapi isn't logged in and the token is null, wapi.readToken() returns null.
wapi.getTieredToken(site,target)mints a token for a given site and web10server using the token stored in wapi. returns an axios promise with response data being the token[as JWT string] on success.


Anonymous Users

When not logged into web10 on a website with the wapi.js sdk, you can still utilize the web10 CRUD functionality. The api will register you as the 'anon' user [a user with the name anon].


Hello World Demo

Below is an example of some html and javascript utilizing all of the above SDK functions to handle login for a simple hello world app. Demo Link




a web10 service is a managed MongoDB collection provided by a web10 provider

web10.app services are hosted at :


users start new web10 services by accepting SIRs [service initialization requests]

users accept or deny changes to terms of service through SCRs [service change requests]

users can change their terms of service in the web10 authentication portal at any time.


SDK CRUD + Service Management Functions

wapi.SMROnReady(sirs,scrs)adds an event listener that waits for the authentication service to send a ready signal. when the authentication service is ready, wapi sends a service modification request [SMR]. an SMR consists of list of service initialization requests [SIRs] and a list of service change requests [SCRs]
wapi.create(service,query,username,provider)Runs a MongoDB create on the web10 service at provider/{username}/{service}, and returns the result as an axios promise.
wapi.read(service,query,username,provider)Runs a MongoDB read on the web10 service at provider/{username}/{service}, and returns the result as an axios promise.
wapi.update(service,query,update,username,provider)Runs a MongoDB update on the web10 service at provider/{username}/{service}, and returns the result as an axios promise.
wapi.delete(service,query,username,provider)Runs a MongoDB delete on the web10 service at provider/{username}/{service}, and returns the result as an axios promise.


Additional Details about wapi.read(service,query,username,provider) for pagination.


Additional details about wapi.update(service, query, update, username, provider).


Service Terms

Users have a service term record for each active service they actively host with web10.

servicethe name of the web10 service
cross_originswebsites that users are allowed to make web10 requests to the service from.
whitelista list of users allowed to access the service
blacklista list of users not allowed to access the service. Overrides user listings on the whitelist.


Subservices (Coming soon)

Subservices are developer definable services within a service. There properties are :

  1. They can have only stricter rules than the services they are within.
  2. The rules can never restrict access from the user who owns the service.
  3. Developers do not need to get user consent to make subservices


Note App Demo

Below is an example of some html and javascript utilizing all of the above user owned service management functionality to make a basic notes app. Demo Link



Developers can accept web10 payment with web10 devPay.

wapi.checkout (seller, title, price,successUrl,cancelUrl)Opens a subscription checkout portal for a customer.
wapi.verifySubscription (seller, title)Verify that a customer is subscribed.
wapi.wapi.cancelSubscription (seller, title)Cancel a customer subscription


Demo - web10 Mail App

Below is a demo mail app. It showcases:

  1. service term regexing to allow all web10 users send you an email.
  2. $.50/mo. web10 devPay subscription.
  3. sending of web10 mail as an anon web10 user when not logged in.

Demo Link

P2P (Via. PeerJS) (Coming soon)

web10 peer to peer functionality relies on the PeerJS library. web10 runs it's own webRTC server to keep web10 users secure when using the platform.

SDK Functions

wapi.initP2P(onInbound=null)Initializes the client as a peer, and on recieving inbound connections saves the connections to wapi.inBound. and attaches an event listener that triggers the onInbound(conn,data) function to recieved inbound connections
wapi.P2P(provider, username, origin, metaData={}, label = "default")Makes a P2P connection with another web10 peer.


Outbound/Inbound P2P

Connections that other web10 users make to you are stored in the wapi.inBound dictionary under their peer ID.

Connections that you make to other web10 users are stored in the wapi.outBound dictionary under their peer ID.


web10 Peer IDs

On web10, peer ids look like 'provider/username/origin/label'

  1. provider is the web10 provider of a user of web10 P2P

  2. username is the web10 username of a user of web10 P2P

  3. origin is the origin of the site the user is using to make the web10 P2P connection

    • when connecting to a mobile encryptor, origin is set to "mobile"
  4. label is an extra string a developer can add to the peer id to handle single users being multipeer

P2P messaging demo (Coming soon)


Encryption (Coming soon)

web10 does the following to make encryption is as secure as possible :

  1. Implements SEPC256K1 encryption for digital signatures, diffie helman, and assymetric encryption
  2. Has a mobile app client to store all of your web10 keys locally on your phone to keep the keys entirely secret.
  3. Creates a P2P tunnel between your phone and web10 using devices to keep your web10 apps secure.


E2E P2P messaging demo (Coming soon)


End of web10 docs ...