Payment Manager Setup

​

Overview

• Encryption/Decryption - Secure data with programmable access control
• PKP Signing - Cryptographic keys that can sign transactions based on conditions
• Lit Actions - Serverless functions with cryptographic capabilities

import { createLitClient } from '@lit-protocol/lit-client';
import { nagaTest } from '@lit-protocol/networks';

// 1. Create lit client
const litClient = await createLitClient({ network: nagaTest });

// 2. Get PaymentManager instance (requires account for transactions)
const paymentManager = await litClient.getPaymentManager({
account: yourAccount // viem account instance
});

// 1. import the useWalletClient function from wagmi
import { useWalletClient } from 'wagmi';

// 2. Use your connected wallet as the account
const { data: myAccount } = useWalletClient();

// 1. Deposit funds to your own account
const result = await paymentManager.deposit({
  amountInEth: "0.1",
});

console.log(`Deposit successful: ${result.hash}`);
// Returns: { hash: string, receipt: object }

​

Auth Service API Endpoints

• POST /register-payer - Send your x-api-key header to receive a delegated payer address and payerSecretKey. Persist this secret securely; it is required for all future delegation calls.
• POST /add-users - Provide headers x-api-key and payer-secret-key plus a JSON body containing an array of user addresses. The Auth Service uses the Payment Manager internally to delegate payments to each address in a single transaction.

The legacy capacity-credit minting flow has been removed. Payment delegation now interacts directly with the Payment Manager contracts.

import { createLitClient } from '@lit-protocol/lit-client';
import { nagaTest } from '@lit-protocol/networks';

// 1. Create the Lit client for the naga-test environment
const litClient = await createLitClient({ network: nagaTest });

const authServiceBaseUrl = 'https://naga-test-auth-service.example.com';
const apiKey = process.env.LIT_API_KEY!;

// 3. Register a payer wallet (store the secret securely server-side)
const registerResponse = await litClient.authService.registerPayer({
authServiceBaseUrl,
apiKey,
});

console.log('Payer wallet:', registerResponse.payerWalletAddress);
console.log('Payer secret (store securely!):', registerResponse.payerSecretKey);

// 4. Later on, delegate payments for multiple users using the saved secret
const delegateResponse = await litClient.authService.delegateUsers({
authServiceBaseUrl,
apiKey,
payerSecretKey: registerResponse.payerSecretKey,
userAddresses: [
  '0x1234...abcd',
  '0xabcd...1234',
],
});

console.log('Delegation submitted with tx hash:', delegateResponse.txHash);

// 5. Continue to use the same payer secret for future delegation calls

​

How the Auth Service derives payer wallets

• The service holds a single root mnemonic (LIT_DELEGATION_ROOT_MNEMONIC).
• /register-payer combines the x-api-key header with a freshly generated payerSecretKey. That pair is hashed into a deterministic derivation index, which is then used with the root mnemonic to derive a unique child wallet.
• The response includes the derived wallet address and the random payerSecretKey. The server does not store this secret; you must persist it securely on the client side.
• Later, /add-users expects both headers (x-api-key and payer-secret-key). The service recomputes the same derivation index and wallet on the fly, so the same header pair always maps to the same child wallet.
• Calling /register-payer again with the same API key issues a new random payerSecretKey, which leads to a different child wallet. Choose whether to rotate secrets or keep the original one depending on your application needs.