Lit Actions SDK

Need help reading this?

Welcome

Welcome to the Lit Actions SDK Docs. These functions can be used inside a Lit Action. You should prefix each function with "Lit.Actions." so to call "isPermittedAction()" you should do "Lit.Actions.isPermittedAction()" To understand how these functions fit together, please view the documentation for this SDK, located at https://developer.litprotocol.com/

Signing

signEcdsa

Ask the Lit Node to sign any data using the ECDSA Algorithm with it's private key share. The resulting signature share will be returned to the Lit JS SDK which will automatically combine the shares and give you the full signature to use.

signEcdsa(params: Object): Promise<string>
Parameters
params (Object)
Name Description
params.toSign Uint8Array The data to sign. Should be an array of 8-bit integers.
params.publicKey string The public key of the PKP you wish to sign with
params.sigName string You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key.
Returns
Promise<string>: This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use.

ethPersonalSignMessageEcdsa

Ask the Lit Node to sign a message using the eth_personalSign algorithm. The resulting signature share will be returned to the Lit JS SDK which will automatically combine the shares and give you the full signature to use.

ethPersonalSignMessageEcdsa(params: Object): Promise<string>
Parameters
params (Object)
Name Description
params.message string The message to sign. Should be a string.
params.publicKey string The public key of the PKP you wish to sign with
params.sigName string You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key.
Returns
Promise<string>: This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use.

Checking Permissions

isPermittedAction

Check if a given IPFS ID is permitted to sign using a given PKP tokenId

isPermittedAction(params: Object): Promise<boolean>
Parameters
params (Object)
Name Description
params.tokenId string The tokenId to check
params.ipfsId string The IPFS ID of some JS code (a lit action)
Returns
Promise<boolean>: A boolean indicating whether the IPFS ID is permitted to sign using the PKP tokenId

isPermittedAddress

Check if a given wallet address is permitted to sign using a given PKP tokenId

isPermittedAddress(params: Object): Promise<boolean>
Parameters
params (Object)
Name Description
params.tokenId string The tokenId to check
params.address string The wallet address to check
Returns
Promise<boolean>: A boolean indicating whether the wallet address is permitted to sign using the PKP tokenId

isPermittedAuthMethod

Check if a given auth method is permitted to sign using a given PKP tokenId

isPermittedAuthMethod(params: Object): Promise<boolean>
Parameters
params (Object)
Name Description
params.tokenId string The tokenId to check
params.authMethodType number The auth method type. This is an integer. This mapping shows the initial set but this set may be expanded over time without updating this contract: https://github.com/LIT-Protocol/LitNodeContracts/blob/main/contracts/PKPPermissions.sol#L25
params.userId Uint8Array The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array)
Returns
Promise<boolean>: A boolean indicating whether the auth method is permitted to sign using the PKP tokenId

getPermittedActions

Get the full list of actions that are permitted to sign using a given PKP tokenId

getPermittedActions(params: Object): Promise<Array<string>>
Parameters
params (Object)
Name Description
params.tokenId string The tokenId to check
Returns
Promise<Array<string>>: An array of IPFS IDs of lit actions that are permitted to sign using the PKP tokenId

getPermittedAddresses

Get the full list of addresses that are permitted to sign using a given PKP tokenId

getPermittedAddresses(params: Object): Promise<Array<string>>
Parameters
params (Object)
Name Description
params.tokenId string The tokenId to check
Returns
Promise<Array<string>>: An array of addresses that are permitted to sign using the PKP tokenId

getPermittedAuthMethods

Get the full list of auth methods that are permitted to sign using a given PKP tokenId

getPermittedAuthMethods(params: Object): Promise<Array<Object>>
Parameters
params (Object)
Name Description
params.tokenId string The tokenId to check
Returns
Promise<Array<Object>>: An array of auth methods that are permitted to sign using the PKP tokenId. Each auth method is an object with the following properties: auth_method_type, id, and user_pubkey (used for web authn, this is the pubkey of the user's authentication keypair)

Utilities

checkConditions

Checks a condition using the Lit condition checking engine. This is the same engine that powers our Access Control product. You can use this to check any condition that you can express in our condition language. This is a powerful tool that allows you to build complex conditions that can be checked in a decentralized way. Visit https://developer.litprotocol.com and click on the "Access Control" section to learn more.

checkConditions(params: Object): Promise<boolean>
Parameters
params (Object)
Name Description
params.conditions Array<Object> An array of access control condition objects
params.authSig Object The AuthSig to use for the condition check. For example, if you were checking for NFT ownership, this AuthSig would be the signature from the NFT owner's wallet.
params.chain string The chain this AuthSig comes from
Returns
Promise<boolean>: A boolean indicating whether the condition check passed or failed

setResponse

Set the response returned to the client

setResponse(params: Object)
Parameters
params (Object)
Name Description
params.response string The response to send to the client. You can put any string here, like you could use JSON.stringify on a JS object and send it here.

call

Call a child Lit Action

call(params: Object): Promise<string>
Parameters
params (Object)
Name Description
params.ipfsId string The IPFS ID of the Lit Action to call
params.params Object? Optional parameters to pass to the child Lit Action
Returns
Promise<string>: The response from the child Lit Action. Note that any signatures performed by the child Lit Action will be automatically combined and returned with the parent Lit Action to the Lit JS SDK client.

pubkeyToTokenId

Converts a PKP public key to a PKP token ID by hashing it with keccak256

pubkeyToTokenId(params: Object): Promise<string>
Parameters
params (Object)
Name Description
params.publicKey string The public key to convert
Returns
Promise<string>: The token ID as a string

uint8arrayToString

Convert a Uint8Array to a string. This is a re-export of this function: https://www.npmjs.com/package/uint8arrays#tostringarray-encoding--utf8

uint8arrayToString(array: Uint8Array, encoding: string): string
Parameters
array (Uint8Array) The Uint8Array to convert
encoding (string) The encoding to use. Defaults to "utf8"
Returns
string: The string representation of the Uint8Array

uint8arrayFromString

Convert a string to a Uint8Array. This is a re-export of this function: https://www.npmjs.com/package/uint8arrays#fromstringstring-encoding--utf8

uint8arrayFromString(string: string, encoding: string): Uint8Array
Parameters
string (string) The string to convert
encoding (string) The encoding to use. Defaults to "utf8"
Returns
Uint8Array: The Uint8Array representation of the string

getPermittedAuthMethodScopes

Get the permitted auth method scopes for a given PKP tokenId and auth method type + id

getPermittedAuthMethodScopes(params: Object): Promise<Array<boolean>>
Parameters
params (Object)
Name Description
params.tokenId string The tokenId to check
params.authMethodType string The auth method type to look up
params.userId Uint8Array The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array)
params.maxScopeId number The maximum scope id to check. This is an integer.
Returns
Promise<Array<boolean>>: An array of booleans that define if a given scope id is turned on. The index of the array is the scope id. For example, if the array is [true, false, true], then scope ids 0 and 2 are turned on, but scope id 1 is turned off.

getLatestNonce

Gets latest nonce for the given address on a supported chain

getLatestNonce(params: Object): Promise<string>
Parameters
params (Object)
Name Description
params.address string The wallet address for getting the nonce
params.chain string The chain of which the nonce is fetched
Returns
Promise<string>: The token ID as a string

callContract

Call a smart contract

callContract(params: Object): Promise<string>
Parameters
params (Object)
Name Description
params.chain string The name of the chain to use. Check out the lit docs "Supported Blockchains" page to find the name. For example, "ethereum"
params.txn string The RLP Encoded txn, as a hex string
Returns
Promise<string>: The response from calling the contract

claimKey

Claim a key through a key identifier, the result of the claim will be added to claim_id under the keyId given.

claimKey(params: Object)
Parameters
params (Object)
Name Description
params.keyId string user id of the claim

broadcastAndCollect

Broadcast a message to all connected clients and collect their responses

broadcastAndCollect($0: Object, name: string, value: string): string
Parameters
$0 (Object)
Name Description
$0.name any
$0.value any
name (string) The name of the broadcast
value (string) The value to broadcast
Returns
string: The collected responses as a json array

decryptAndCombine

Decrypt and combine the provided

decryptAndCombine($0: Object, accessControlConditions: string, ciphertext: string, dataToEncryptHash: string, chain: string): string
Parameters
$0 (Object)
Name Description
$0.accessControlConditions any
$0.ciphertext any
$0.dataToEncryptHash any
$0.authSig any
$0.chain any
accessControlConditions (string) The access control conditions
ciphertext (string) The ciphertext to decrypt
dataToEncryptHash (string) The hash of the data to
chain (string) The chain
Returns
string: The combined data

decryptToSingleNode

Decrypt to a single node.

decryptToSingleNode($0: Object, accessControlConditions: string, ciphertext: string, dataToEncryptHash: string, chain: string): string
Parameters
$0 (Object)
Name Description
$0.accessControlConditions any
$0.ciphertext any
$0.dataToEncryptHash any
$0.authSig any
$0.chain any
accessControlConditions (string) The access control conditions
ciphertext (string) The ciphertext to decrypt
dataToEncryptHash (string) The hash of the data to
chain (string) The chain
Returns
string: The combined data

signAndCombineEcdsa

signAndCombineEcdsa($0: Object, toSign: Uint8array, publicKey: string, sigName: string): Uint8array
Parameters
$0 (Object)
Name Description
$0.toSign any
$0.publicKey any
$0.sigName any
toSign (Uint8array) the message to sign
publicKey (string) the public key of the PKP
sigName (string) the name of the signature
Returns
Uint8array: The resulting signature

runOnce

runOnce($0: Object, async_fn: any, waitForResponse: bool): bool
Parameters
$0 (Object)
Name Description
$0.waitForResponse any
$0.name any
async_fn (any)
waitForResponse (bool) Whether to wait for a response or not - if false, the function will return immediately.
Returns
bool: Whether the node can run the code in the next block or not.

getRpcUrl

getRpcUrl(chain: string): string
Parameters
chain (string) The chain to get the RPC URL for
Name Description
chain.chain any
Returns
string: The RPC URL for the chain

encrypt

encrypt($0: Object, accessControlConditions: string, to_encrypt: string): object
Parameters
$0 (Object)
Name Description
$0.accessControlConditions any
$0.to_encrypt any
accessControlConditions (string) The access control conditions
to_encrypt (string) The message to encrypt
Returns
object: Contains two items: The ciphertext result after encryption, named "ciphertext" and the dataToEncryptHash, named "dataToEncryptHash"