Grant Types

Last updated 2 years ago


Choosing a Grant Type

When creating a Developer App with Manifold, you are presented with three Grant Types to choose from. So how do you decide? For the most part, Token Grant will be the quickest and easiest way to set up your application. However, the other types are worth considering too. Here is some info about each.

It is important to note that the Manifold Widgets and Data APIs do not grant an application the ability to execute blockchain transactions on behalf of a wallet. Each blockchain transaction will always need to be executed by the user.

Signature Grant

Provides access to Manifold's read and write Data Client. Also provides access to Manifold's server-to-server APIs.

Ease of Use: Easy
Revokable Access Tokens: Yes
Write API Access: No
Server-to-Server API Access: Read and Event Notification Only

This is the recommended option if you intend to use both read and write APIs, as well as do server-to-server API calls and authentication. The client is given a one-time use code, which can be exchanged for an access token. All of this is done client-side and built into our widget, so it is as simple as the Token Grant type. In addition, you have the ability to revoke access tokens, which gives you peace of mind when using the auth flow exclusively on the frontend.

Security Considerations

The Signature Grant Type is subject to man-in-the-middle attacks. If someone is snooping on your network, they may intercept the access token and call the read and write APIs as the user. In this situation, application private information for that specific user may be compromised.

See Server-Side Session Authentication - Signature Grant Type for more details.

Token Grant

Provides read-only access to publicly available data offered by the Data Client.

Ease of Use: Easy
Revokable Access Tokens: No
Write API Access: No
Server-to-Server API Access: No

This is the best option if you want to get started quickly, only have a frontend website, and only want the ability to read public information associated with the wallet and trigger transaction signatures.

Security Considerations

The downside to the Token Grant Type is that the access token is passed to the client directly and is therefore subject to man-in-the-middle attacks. If someone is snooping on your network, they may intercept the access token and call the read APIs as the user. However, this data is publicly available anyway, so there is no privacy risk here.

Authorization Code Grant

PREREQUISITE: You need to operate your own backend server to use this grant type.

Provides access to Manifold's read and write Data APIs. Also provides access to Manifold's server-to-server APIs.

Ease of Use: Difficult
Revokable Access Tokens: Yes
Write API Access: Yes
Server-to-Server API Access: Yes

This is the most secure grant type, and provides access to read and write APIs, as well as server-to-server read and write APIs. This Grant Type returns an authorization code to your client, which is passed to your server to exchange for an access token. This access token can then be stored on your backend (most secure) or passed back to your client (less secure).

Server Stored Access Tokens (most secure)

If you elect to store the access token on your backend server, any time you want to make a query to one of our data APIs, you will pass the query from the client to your own server before making the request to our server. This way the access token is never revealed client-side, and all API calls must go through your own server. While this gives more security, there is a lot more overhead in managing both a frontend and backend. We suggest this option for power users who want the comfort of a higher level of security.

See Server-Side Session Authentication - Authorization Code Grant for more details.
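
The server-stored pattern described above, sketched as an added example (not Manifold's code): the backend exchanges the authorization code, keeps the access token in server memory, and hands the client only an opaque session id that it uses for proxied queries. TokenBroker, exchangeCode, callApi and the stub provider are hypothetical names; the real token and data endpoints are not given on this page, so they are replaced by constructed offline stubs.

```javascript
// Added example: server-stored access tokens for the Authorization Code Grant.
// exchangeCode and callApi are hypothetical stand-ins for the HTTPS calls your
// backend would make to the provider; the real endpoints are not shown here.
const { randomBytes } = require('node:crypto');

class TokenBroker {
  constructor({ exchangeCode, callApi, ttlMs = 15 * 60 * 1000 }) {
    this.exchangeCode = exchangeCode; // async (code) => { accessToken }
    this.callApi = callApi;           // async (accessToken, query) => data
    this.ttlMs = ttlMs;
    this.sessions = new Map();        // sessionId -> { accessToken, expires }
  }

  // The client posts its authorization code and gets back only a session id
  // (in a real app, set it as an HttpOnly, Secure cookie).
  async login(code) {
    const { accessToken } = await this.exchangeCode(code);
    const sessionId = randomBytes(32).toString('hex');
    this.sessions.set(sessionId, { accessToken, expires: Date.now() + this.ttlMs });
    return { sessionId }; // the access token never leaves the server
  }

  // The client sends its query here; the server attaches the token and forwards it.
  async query(sessionId, query) {
    const s = this.sessions.get(sessionId);
    if (!s || s.expires < Date.now()) {
      this.sessions.delete(sessionId);
      throw new Error('no valid session');
    }
    return this.callApi(s.accessToken, query);
  }

  logout(sessionId) { return this.sessions.delete(sessionId); }
}

// Constructed offline stubs standing in for the provider. Treating codes as
// single-use is an assumption of this stub.
function makeStubProvider() {
  const codes = new Map([['code-123', 'tok-SECRET']]);
  return {
    exchangeCode: async (code) => {
      const accessToken = codes.get(code);
      if (!accessToken || !codes.delete(code)) throw new Error('invalid code');
      return { accessToken };
    },
    callApi: async (token, query) => {
      if (token !== 'tok-SECRET') throw new Error('unauthorized');
      return { query, result: 'ok' };
    },
  };
}
```

With this shape, an attacker who can read the browser's traffic or storage sees only the session id, which your server can expire or delete independently of the access token.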
