One script tag. No SDK, no API key, no backend required. Users sign in with their Heylogram name — no password, no email. You get a verified identity ({ address, name }).
Paste the snippet (right). The script renders the button and handles the redirect.
On return, a heylogram:login event fires with { ok, address, name }. The name is verified on-chain.
For real sessions, re-check the signature on your server:
# Optional: re-verify on YOUR server before creating a session
POST https://web3.jjvoi.com/api/auth/verify
Content-Type: application/json
{ "message": "<hl_msg>", "signature": "<hl_sig>", "address": "<hl_address>" }
# 200 -> { "ok": true, "address": "0x..", "name": "eyup", "nonce": ".." }The message is bound to your app, domain, a one-time nonce and a 10-minute expiry, so a signature cannot be replayed on another site. The signature only proves wallet + name ownership — it can never move funds.
<script src="https://web3.jjvoi.com/heylogram-login.js"></script>
<div data-heylogram-login
data-app="My App"
data-redirect="https://your.site/return"></div>
<script>
window.addEventListener('heylogram:login', function (e) {
// e.detail = { ok, address, name }
if (e.detail.ok) {
console.log('Signed in as', e.detail.name || e.detail.address);
}
});
</script>Register your app under a Heylogram name you own. Verified apps show a green ✓ Verified badge on the sign-in screen and lock returns to your registered sites — so no one can impersonate your app. Requires owning the name (sign once, free).
app-id (your name) and a verified snippet with data-app-id. The sign-in screen then shows your app as verified and only returns to your registered origins.