Lighthouse
  • πŸ‘‹Introduction
  • Quick Start
  • How To
    • πŸ”‘Create an API Key
    • πŸ”ΌUpload Data
      • πŸ“File
      • πŸ”€Text/JSON
      • πŸ”€Buffer
    • πŸ”’Upload Encrypted Data
      • πŸ“File
      • πŸ”€Text/JSON
      • πŸ”Encryption Authentication
        • πŸ“Method 1: Signed Message
        • βš•οΈMethod 2: JWT
        • πŸ“²Method 3: Passkey
    • Encryption Features
      • πŸ‘―Share File
      • ❌Revoke Access
      • πŸ”‘Check Access Conditions
      • πŸšͺToken Gating
      • Chains Supported
      • πŸ“ƒAccess Control Conditions
      • πŸ”“Decrypt File
        • 🌐Browser Decrypt File
        • πŸ’»NodeJS Decrypt File
      • πŸšͺAccess control with zkTLS
      • πŸ‘¬Account Delegation Tutorial
    • πŸ“‚List Files
    • πŸ’File Info
    • πŸ’°Get Balance
    • πŸ”Retrieve File
    • πŸ’ΎCheck for Filecoin Deals
    • πŸ”„IPNS - Handle Mutable Data
    • πŸ“¦Migrate Files
    • πŸ“ŒPin CID
    • πŸ’ΈPay per use
    • Resize Image
    • πŸ’»Use CLI Tools
  • zkTLS
  • 🀝Account Delegation
  • πŸ’ΎFilecoin First
    • Usage
    • πŸ’°Pay Per Deal
  • Tutorials
    • πŸ’ΈPay to View Application
    • Use Python SDK
    • πŸ“Update Content with Lighthouse IPNS
    • πŸ“ΉAdd Video Player in UI
    • βœ…Document Verification with PoDSI
    • 🎨Minting NFTs on EVM Chains
    • πŸͺ™Minting NFTs on Solana
    • πŸ‘©β€πŸ’»Programmable Storage with Lighthouse SDK and Filecoin
    • πŸ”Secure File Sharing
    • Upload Encrypted Files
    • πŸ“„Token Gating and Custom Contract
    • πŸ”‘Token Gating NFTs
    • πŸ–οΈPushing File Metadata Onchain
    • Use Radix Wallet on Lighthouse Filesdapp
  • Concepts
    • Glossary
    • IPFS CID Transition to v1
  • Support
    • πŸ“žContact
Powered by GitBook
On this page
  • Introduction to Account Delegation
  • How Account Delegation Works in Lighthouse
  • Demo

Was this helpful?

Edit on GitHub

Account Delegation

PreviouszkTLSNextUsage

Last updated 23 days ago

Was this helpful?

Introduction to Account Delegation

Account Delegation enables a user (the β€œowner”) to grant another account permission to access and decrypt all of their encrypted files stored in Lighthouse. This feature is ideal for shared workspaces, recovery workflows, or any scenario where secure file access must be temporarily or permanently delegated without re-encrypting data or re-uploading assets.

How Account Delegation Works in Lighthouse

The delegation flow involves three core steps:

  1. Authenticate as Owner The owner signs an authentication message with their private key to obtain a JWT or signed bearer token from Lighthouse Kavach service.

  2. Set Delegation Permissions The owner calls the setAllFilesAccess endpoint, passing the delegate’s address and the token. Lighthouse updates its access-control registry, allowing the delegate to retrieve shared encryption keys for CID belonging to the owner.

  3. Delegate Decrypts Files The delegate signs their own auth message, then calls the retrieveSharedKey endpoint with the owner’s address, the target CID, and their token. Lighthouse returns the shard of the master encryption key, which the delegate combines using Lighthouse Kavach and uses to decrypt the file.

Demo

🀝
Checkout how to use Account Delegation in Lighthouse