Lemma Complete Integration Example

Copy this code to add authentication to your site in under 5 minutes

Configuration (for testing)

Get your API key from lemma.id/dashboard Your site identifier from registration

Configure your API key and Site ID above, then click "Initialize SDK"

Integration Code

Copy and paste this code into your website:

Step 1: Add SDK Script

<!-- Add before </body> -->
<script src="https://lemma.id/static/js/lemma-wallet.js"></script>
<script src="https://lemma.id/static/js/lemma-auth-simple.js"></script>

Step 2: Initialize Authentication

const auth = new LemmaAuth({
    apiKey: 'YOUR_API_KEY',      // From lemma.id/dashboard
    siteId: 'YOUR_SITE_ID',      // Your site identifier
    debug: true                   // Enable console logs
});

Step 3: Check Authentication

// Check if user has valid credential
const isAuth = await auth.isAuthenticated();

if (isAuth) {
    // User is authenticated - show protected content
    const user = await auth.getUser();
    console.log('Authenticated as:', user.email);
    showDashboard();
} else {
    // Show login form
    showLoginForm();
}

Step 4: Request Access

// Send login email to user
async function requestAccess(email) {
    const result = await auth.sendLoginEmail(email);
    
    if (result.success) {
        alert('Check your email to complete login!');
    } else {
        alert('Error: ' + result.error);
    }
}

Step 5: Protect Routes (Optional)

// Check specific permission
const isAdmin = await auth.hasPermission('admin');

if (!isAdmin) {
    window.location.href = '/unauthorized';
}

LemmaAuth API Reference

Constructor

new LemmaAuth({
    apiKey: 'string',        // Required: Your API key
    siteId: 'string',        // Required: Your site ID
    siteDomain: 'string',    // Optional: defaults to window.location.hostname
    debug: boolean           // Optional: enable debug logging
})

Methods

isAuthenticated(skipNonce)

Returns Promise<boolean>. Pass true to skip nonce verification for faster checks.

getUser()

Returns Promise<{email, role, authenticated, credential}> or null if not authenticated.

sendLoginEmail(email, options)

Sends login email. Options: {role, redirectUrl}. Returns {success, message}.

hasPermission(permission)

Returns Promise<boolean>. Checks if user has specific permission.

logout()

Clears credentials from browser. Returns Promise<void>.

Performance

Client-side verification: ~63 microseconds (WebCrypto API)

Works offline: Yes, with 7-day cache

Credential duration: 90 days

Console Log