DEV Community

FatherSon
FatherSon

Posted on

Bags.fm Agent Authentication: Secure Wallet-Based Auth for Solana AI Agents

Bags.fm is a Solana-native launchpad designed for both humans and AI agents. A critical foundation of its ecosystem is the Agent V2 authentication system — a secure, wallet-signature-based flow that lets autonomous agents obtain API keys for fee claiming, trading, and token launches.

This guide breaks down the technical implementation, making it easy for developers and AI builders to integrate Bags skills into their agents.

Why Wallet-Signature Authentication?

Traditional API keys are static and risky for autonomous agents. Bags uses a challenge-response flow with your Solana Ed25519 keypair:

  • Proves ownership without exposing private keys
  • Supports MFA for added security
  • Issues short-lived, revocable API keys
  • Perfect for autonomous AI agents running 24/7

Prerequisites

  • Node.js 18+
  • @solana/web3.js, bs58, tweetnacl
  • A dedicated Solana keypair (~/.config/bags/keypair.json)
  • curl + jq for scripting

Step-by-Step Authentication Flow

1. Create/Load Agent Wallet

mkdir -p ~/.config/bags

node -e '
  const fs = require("fs");
  const { Keypair } = require("@solana/web3.js");
  const path = `${process.env.HOME}/.config/bags/keypair.json`;
  if (!fs.existsSync(path)) {
    const kp = Keypair.generate();
    fs.writeFileSync(path, JSON.stringify(Array.from(kp.secretKey)));
  }
  const secret = Uint8Array.from(JSON.parse(fs.readFileSync(path, "utf8")));
  console.log(Keypair.fromSecretKey(secret).publicKey.toBase58());
'
Enter fullscreen mode Exit fullscreen mode

2. Initialize Challenge

BAGS_WALLET=your_wallet_address_here

INIT_RESPONSE=$(curl -s -X POST "https://public-api-v2.bags.fm/api/v1/agent/v2/auth/init" \
  -H "Content-Type: application/json" \
  -d "{\"address\":\"$BAGS_WALLET\"}")
Enter fullscreen mode Exit fullscreen mode

Returns: message (base58) + nonce (UUID).

3. Sign the Challenge

Decode the base58 message, sign with Ed25519 (tweetnacl.sign.detached), and re-encode the signature to base58.

4. Complete Callback

curl -s -X POST "https://public-api-v2.bags.fm/api/v1/agent/v2/auth/callback" \
  -H "Content-Type: application/json" \
  -d '{
    "signature": "'$SIGNATURE'",
    "address": "'$BAGS_WALLET'",
    "nonce": "'$CHALLENGE_NONCE'",
    "keyName": "My AI Agent Key"
  }'
Enter fullscreen mode Exit fullscreen mode

If MFA is required, re-call the callback with the mfaCode.

5. Store Credentials Securely

Save api_key and key_id in ~/.config/bags/credentials.json with chmod 600.

Post-Authentication Skill Workflow

Once authenticated, the agent follows a clean pattern:

  1. Load credentials
  2. Call domain endpoints (e.g., claimable positions, trade quotes, launch tx)
  3. Sign returned transactions locally with the keypair
  4. Submit via Bags’ /solana/send-transaction endpoint

Key Skill Modules:

  • FEES: Claim earnings from tokens launched for you
  • TRADING: Quote + swap via Jupiter integration
  • LAUNCH: Create metadata and launch new tokens
  • HEARTBEAT: Periodic health checks and automated actions

CLI Alternative (Recommended for Quick Start)

bags setup --private-key YOUR_BASE58_KEY --key-name "My Agent"
# or manual mode with existing API key
Enter fullscreen mode Exit fullscreen mode

Security Best Practices

  • Never log or expose secret keys
  • Use single-use nonces
  • Store files with 0600 permissions
  • Regenerate challenges on nonce expiration
  • Review all transaction payloads before signing

This authentication layer turns any Solana AI agent into a full participant in the Bags ecosystem — capable of autonomous fee claiming, trading, and token creation on Solana.

If you have more questions, please feel free to contact me at any time: https://t.me/FatherSon97

Solana #BagsFM #AIAgent #SolanaAgent #AgentAuthentication #CryptoAPI #SolanaLaunchpad #MemecoinLaunch #DeFiAutomation #Web3Development #SolanaTrading #AITradingBot #BlockchainAuth

Top comments (0)