Bags.fm is a Solana-native launchpad designed for both humans and AI agents. A critical foundation of its ecosystem is the Agent V2 authentication system — a secure, wallet-signature-based flow that lets autonomous agents obtain API keys for fee claiming, trading, and token launches.
This guide breaks down the technical implementation, making it easy for developers and AI builders to integrate Bags skills into their agents.
Why Wallet-Signature Authentication?
Traditional API keys are static and risky for autonomous agents. Bags uses a challenge-response flow with your Solana Ed25519 keypair:
- Proves ownership without exposing private keys
- Supports MFA for added security
- Issues short-lived, revocable API keys
- Perfect for autonomous AI agents running 24/7
Prerequisites
- Node.js 18+
-
@solana/web3.js,bs58,tweetnacl - A dedicated Solana keypair (
~/.config/bags/keypair.json) -
curl+jqfor scripting
Step-by-Step Authentication Flow
1. Create/Load Agent Wallet
mkdir -p ~/.config/bags
node -e '
const fs = require("fs");
const { Keypair } = require("@solana/web3.js");
const path = `${process.env.HOME}/.config/bags/keypair.json`;
if (!fs.existsSync(path)) {
const kp = Keypair.generate();
fs.writeFileSync(path, JSON.stringify(Array.from(kp.secretKey)));
}
const secret = Uint8Array.from(JSON.parse(fs.readFileSync(path, "utf8")));
console.log(Keypair.fromSecretKey(secret).publicKey.toBase58());
'
2. Initialize Challenge
BAGS_WALLET=your_wallet_address_here
INIT_RESPONSE=$(curl -s -X POST "https://public-api-v2.bags.fm/api/v1/agent/v2/auth/init" \
-H "Content-Type: application/json" \
-d "{\"address\":\"$BAGS_WALLET\"}")
Returns: message (base58) + nonce (UUID).
3. Sign the Challenge
Decode the base58 message, sign with Ed25519 (tweetnacl.sign.detached), and re-encode the signature to base58.
4. Complete Callback
curl -s -X POST "https://public-api-v2.bags.fm/api/v1/agent/v2/auth/callback" \
-H "Content-Type: application/json" \
-d '{
"signature": "'$SIGNATURE'",
"address": "'$BAGS_WALLET'",
"nonce": "'$CHALLENGE_NONCE'",
"keyName": "My AI Agent Key"
}'
If MFA is required, re-call the callback with the mfaCode.
5. Store Credentials Securely
Save api_key and key_id in ~/.config/bags/credentials.json with chmod 600.
Post-Authentication Skill Workflow
Once authenticated, the agent follows a clean pattern:
- Load credentials
- Call domain endpoints (e.g., claimable positions, trade quotes, launch tx)
- Sign returned transactions locally with the keypair
- Submit via Bags’
/solana/send-transactionendpoint
Key Skill Modules:
- FEES: Claim earnings from tokens launched for you
- TRADING: Quote + swap via Jupiter integration
- LAUNCH: Create metadata and launch new tokens
- HEARTBEAT: Periodic health checks and automated actions
CLI Alternative (Recommended for Quick Start)
bags setup --private-key YOUR_BASE58_KEY --key-name "My Agent"
# or manual mode with existing API key
Security Best Practices
- Never log or expose secret keys
- Use single-use nonces
- Store files with
0600permissions - Regenerate challenges on nonce expiration
- Review all transaction payloads before signing
This authentication layer turns any Solana AI agent into a full participant in the Bags ecosystem — capable of autonomous fee claiming, trading, and token creation on Solana.
If you have more questions, please feel free to contact me at any time: https://t.me/FatherSon97
Top comments (0)