Traditional Connection Flow

Connection Secret

Apps and wallets initiate connections via "Connection Secrets". The wallet service generates a Connection Secret with the protocol nostr+walletconnect:// and, as the base path, its hex-encoded pubkey, followed by these query string parameters:

  • relay: Required. URL of the relay where the wallet service is connected and will be listening for events. May be more than one.

  • secret: Required. 32-byte randomly generated hex encoded string. The client app MUST use this to sign events and encrypt payloads when communicating with the wallet service.

    • Authorization does not require passing keys back and forth.

    • The user can have different keys for different applications. Keys can be revoked and created at will and have arbitrary constraints (e.g. budgets).

    • The key is harder to leak since it is neither shown to the user nor backed up.

    • It improves privacy because the user's main key would not be linked to their payments.

Example Connection Secret:

nostr+walletconnect://b889ff5b1513b641e2a139f661a661364979c5beee91842f8f0ef42ab558e9d4?relay=wss%3A%2F%2Frelay.getalby.com/v1&secret=71a8c14c1407c113601079c4302dab36460f0ccd0ad506f1f2dc73b5100e4f3c

The user then copies this connection secret and pastes it into the app or website they are using to initiate the connection.
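One way a client app could validate a pasted Connection Secret before using it, as an added example that is not part of the original page or of any wallet SDK. The names `Connection` and `parse_connection_secret` are hypothetical, and the 32-byte pubkey length and the ws/wss relay check are assumptions taken from general Nostr conventions rather than from this page.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

HEX_32_BYTES = re.compile(r"[0-9a-f]{64}")  # 32 bytes as lowercase hex


@dataclass(frozen=True)
class Connection:  # hypothetical container, not an SDK type
    wallet_pubkey: str
    relays: tuple
    # The secret is the app's signing/encryption key: keep it out of repr() and logs.
    secret: str = field(repr=False)


def parse_connection_secret(uri: str) -> Connection:
    """Validate a pasted Connection Secret; error messages never echo the input."""
    parts = urlsplit(uri.strip())
    if parts.scheme != "nostr+walletconnect":
        raise ValueError("not a nostr+walletconnect:// URI")

    pubkey = parts.netloc.lower()
    if not HEX_32_BYTES.fullmatch(pubkey):  # assumption: 32-byte Nostr pubkey
        raise ValueError("base path is not a hex-encoded pubkey")

    params = parse_qs(parts.query)  # percent-decodes values, keeps repeated keys
    relays = tuple(params.get("relay", []))
    if not relays:
        raise ValueError("relay is required")
    for relay in relays:
        r = urlsplit(relay)
        if r.scheme not in ("ws", "wss") or not r.netloc:  # assumption: WebSocket relays
            raise ValueError("relay is not a ws:// or wss:// URL")

    secrets = params.get("secret", [])
    if len(secrets) != 1:
        raise ValueError("exactly one secret is required")
    secret = secrets[0].lower()
    if not HEX_32_BYTES.fullmatch(secret):
        raise ValueError("secret is not 32 bytes of hex")
    return Connection(pubkey, relays, secret)


# The example Connection Secret shown on this page.
EXAMPLE = (
    "nostr+walletconnect://b889ff5b1513b641e2a139f661a661364979c5beee91842f8f0ef42ab558e9d4"
    "?relay=wss%3A%2F%2Frelay.getalby.com/v1"
    "&secret=71a8c14c1407c113601079c4302dab36460f0ccd0ad506f1f2dc73b5100e4f3c"
)
print(parse_connection_secret(EXAMPLE))  # repr omits the secret field
```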
