ThetaPass - JavaScript


OAuth 2.0 Apps

Only ThetaDrop creators can make apps on ThetaDrop. Please contact your project manager for access.

Example Project

View on GitHub

OAuth2.0 Login

Getting started

ThetaDropConnect - slim library to interact with the ThetaDrop accounts .

Installing ThetaDropConnect

Dapps must use the ThetaDropConnect library to interact (read-only) with the user's accounts on ThetaDrop to prove ownership of NFTs.

npm install --save @thetalabs/theta-drop-connect


Three different ways to import depending on your project.

node.js require

const ThetaDropConnect = require("@thetalabs/theta-drop-connect");


import {ThetaDropConnect} from '@thetalabs/theta-drop-connect';

JS Script Tag

<script type="application/javascript" src="//"></script>

<!-- Using the UMD version requires a bit of extra setup because of the setup of the ThetaDropConnect module (i.e. exporting ThetaDropConnect class)-->
<script type="application/javascript">
const ThetaDropConnect = window.ThetaDropConnect.ThetaDropConnect;

Initialize a ThetaDropConnect object

const thetaDrop = new ThetaDropConnect();

Login with ThetaDrop

Users must login to ThetaDrop to fetch their OAuth2.0 credentials.

Via Popup

const AppId = 'YOUR_THETA_APP_ID';
const RedirectUrl = 'YOUR_THETA_APP_REDIRECT_URL';
const result = await thetaDrop.connectViaPopup(AppId, RedirectUrl);
const {snsId, oauth2Token} = result;

Via Redirect

const AppId = 'YOUR_THETA_APP_ID';
const RedirectUrl = 'YOUR_THETA_APP_REDIRECT_URL';
thetaDrop.connectViaRedirect(AppId, RedirectUrl);

Exchange authorization token for access token


Secret token safety

Never expose your secret token on your frontend. This request should ONLY be made from your backend API.

The authorization code is an intermediate credential, which encodes the authorization obtained at step 1. It is therefore opaque to the client and only has meaning to the authorization server. To retrieve the access token your backend should make a request to the Theta Platform Services authorization endpoint.


curl -X POST
-H "Content-Type: application/json" 
-H "x-client-id: YOUR_DAPP_ID" 
-H "x-client-secret: YOUR_DAPP_SECRET"


  "status": "success",
  "body": {
    "user_sessions": [
        "id": "sess_somesessionid",
        "user_id": "user_someuserid",
        "type": "access_token",
        "access_token": "someaccesstoken",
        "expiration": "2022-02-21T19:41:45.198Z"

You should use the user_id returned here and ignore the sns_id from the redirectUrl.

Using ThetaPass to prove ownership of NFT

Fetch User

Fetch the account info for a connected user.

 const userData = await thetaDrop.fetchUser();

Check User Ownership

Fetch the account info for a connected user.

Example proving ownership ThetaZilla NFT

const ThetaZillaId = 'type_2s2kcznsu3e06en43r3kg50b90c';
const filters = {
    content_id: ThetaZillaId
const isOwner = await thetaDrop.checkUserIsOwner(filters); 

Example proving ownership by any NFT created by ThetaZilla NFT

const ThetaZillaCreatorId = 'user_446i201m6304j1ts23d48cwuyxq';
const filters = {
    content_creator_id: ThetaZillaCreatorId
const isOwner = await thetaDrop.checkUserIsOwner(filters); 

Fetch NFTs

Example fetching all NFTs created by ThetaZilla NFT

const ThetaZillaCreatorId = 'user_446i201m6304j1ts23d48cwuyxq';
const filters = {
    content_creator_id: ThetaZillaCreatorId
const response = thetaDrop.fetchUserNFTs();