> ## Documentation Index
> Fetch the complete documentation index at: https://developers.squads.so/llms.txt
> Use this file to discover all available pages before exploring further.
# Authentication Methods
> Choose between email-based accounts or custom signer accounts
Grid supports two self-custodial authentication approaches to fit different team needs and workflows.
## Authentication Options
Fastest way to onboard. Sign up with email and OTP. Built-in fault
tolerance.
Use your own ed25519 keys or custom key management.
## Email-Based Accounts
Users sign up with their email and verify with a code. Grid automatically uses multiple industry leading key management service providers and handles key management behind the scenes while your users maintain full control.
### Key Benefits
* **Familiar Experience** - Users sign up just like any other app
* **No Wallet Required** - Everything works in-app, no external wallet needed
* **Built-in Fault Tolerance** - Automatic multi-vendor key redundancy protects against provider failures
* **Enterprise-Grade Security** - Multi-vendor key management architecture with automated failover systems
* **Email Recovery** - Users can recover accounts through email verification
* **Perfect for Getting Started** - Recommended for most teams
### Implementation
The SDK handles all the complex key generation and encryption behind the scenes:
```typescript theme={null}
import { GridClient } from "@sqds/grid";
const gridClient = new GridClient({
environment: "sandbox",
apiKey: process.env.GRID_API_KEY!,
});
// Create account with email
const user = await gridClient.createAccount({
email: "user@example.com",
});
// Generate session secrets
const sessionSecrets = await gridClient.generateSessionSecrets();
// Complete authentication with OTP
const account = await gridClient.completeAuthAndCreateAccount({
user,
otpCode: "123456",
sessionSecrets,
});
```
For REST API implementations, the email-based authentication flow requires several steps:
Initiate account creation by providing an email address.
```bash theme={null}
curl -X POST https://grid.squads.xyz/api/grid/v1/accounts \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "x-grid-environment: sandbox" \
-H "Content-Type: application/json" \
-H "x-idempotency-key: $(uuidgen)" \
-d '{
"type": "email",
"email": "user@example.com",
"memo": "My Grid Account" // Optional
}'
```
The response will include the account creation status and metadata. An OTP will be sent to the provided email address.
Generate the necessary encryption keys and session secrets for secure key management service provider communication.
The session secret generation process involves complex cryptographic operations. See the [Account Verification API reference](/grid/v1/api-reference/endpoint/account-management/verify) for the complete implementation details and examples.
Verify the OTP code and complete account creation with the generated session secrets.
```bash theme={null}
curl -X POST https://grid.squads.xyz/api/grid/v1/accounts/verify \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "x-grid-environment: sandbox" \
-H "Content-Type: application/json" \
-H "x-idempotency-key: $(uuidgen)" \
-d '{
"email": "user@example.com",
"otp_code": "123456",
"kms_provider_config": {
"encryption_public_key": "YOUR_SESSION_ENCRYPTION_PUBLIC_KEY"
}
}'
```
The response will include the verified account address and status.
For most use cases, we recommend using the SDK as it handles all the complex cryptographic operations automatically. The REST API approach is best suited for teams that need full control over the authentication flow or are using languages without SDK support. See the [Primary Provider Integration](/grid/v1/api-reference/advanced/privy-signing) guide for more details.
## Custom Signer Accounts
Use your own ed25519 keypairs directly with Grid accounts. Perfect if you already have keys or need custom key management flows.
### Key Benefits
* **Use Existing Keys** - Integrate keypairs you already have
* **Direct Control** - No key management service provider needed, you manage keys directly
* **Multi-Signature** - Configure threshold signing with multiple keys
* **Custom Flows** - Build exactly the signing experience you need
* **Flexible Custody** - Create custodial, non-custodial, or hybrid custody accounts
### Implementation
```typescript SDK (TypeScript) theme={null}
import { GridClient } from "@sqds/grid";
import { Keypair } from "@solana/web3.js";
const gridClient = new GridClient({
environment: "sandbox",
apiKey: process.env.GRID_API_KEY!,
});
// Generate your own ed25519 keypairs
const primaryKey = Keypair.generate();
const backupKey = Keypair.generate();
// Create account with your signers
const account = await gridClient.createAccount({
type: "signers",
policies: {
threshold: 1,
signers: [
{
address: primaryKey.publicKey.toBase58(),
permissions: ["Initiate", "Vote", "Execute"],
},
{
address: backupKey.publicKey.toBase58(),
permissions: ["Vote", "Execute"],
},
],
},
});
```
```javascript REST API theme={null}
// Generate your own ed25519 keypairs (using @solana/web3.js)
import { Keypair } from "@solana/web3.js";
const primaryKey = Keypair.generate();
const backupKey = Keypair.generate();
// Create account with custom signers (no key management service provider needed)
const response = await fetch("https://grid.squads.xyz/api/grid/v1/accounts", {
method: "POST",
headers: {
Authorization: "Bearer YOUR_API_KEY",
"x-grid-environment": "sandbox",
"Content-Type": "application/json",
"x-idempotency-key": crypto.randomUUID(),
},
body: JSON.stringify({
type: "signers",
signers: [primaryKey.publicKey.toBase58(), backupKey.publicKey.toBase58()],
threshold: 1,
memo: "Multi-signature account",
}),
});
const account = await response.json();
console.log("Account created:", account.data.address);
// No key management service provider encryption - you sign transactions directly with your keys
```
## Comparison
| Feature | Email-Based Accounts | Custom Signer Accounts |
| ------------------ | --------------------- | -------------------------- |
| **Setup Time** | Minutes | Minutes |
| **Key Management** | Handled automatically | You provide and manage |
| **Recovery** | Email-based | Your responsibility |
| **Custom Flows** | Standard | Fully customizable |
| **Best For** | Quick start | Existing keys/custom needs |
## When to Choose Each Method
### Choose Email-Based Accounts When
* Getting started with Grid
* Want the quickest setup
* Building consumer-facing applications
* Prefer familiar email-based sign up flows
### Choose Custom Signer Accounts When
* Have existing ed25519 keypairs to use
* Need custom signing workflows
* Want to integrate with existing key management
* Building complex multi-signature setups
## Security Considerations
Both approaches are fully self-custodial and production-ready:
**Email-Based Accounts:**
* You control the accounts and all transactions
* Multi-vendor key management architecture provides built-in fault tolerance and vendor risk mitigation
* Automatic key redundancy across multiple providers protects against failures
* Email verification prevents unauthorized account creation
**Custom Signer Accounts:**
* You control both the keys and accounts
* Works with any ed25519 keypair generation method
* Full flexibility for multi-signature setups
## Next Steps
Complete walkthrough of email-based account creation and transaction
execution
Learn about the multi-vendor key management architecture built into
email-based accounts