The authentication methods provided (Email OTP and SIWE) verify baseline credential possession but do not constitute comprehensive Multi-Factor Authentication (MFA) for high-risk actions. Integrating partners are legally required to implement their own supplementary step-up authentication before permitting access to transactional endpoints (including but not limited to the Stablecoin, Accounts, and BakktX APIs).
For SIWE (Sign-In with Ethereum): Bakkt relies entirely on the cryptographic signature provided. The integrating client and the end-user bear sole responsibility for the security of underlying private keys. Bakkt explicitly disclaims all liability for unauthorized transactions, data breaches, or financial losses resulting from compromised email accounts or Web3 wallet private keys.
Two authentication methods are supported (use exactly one):
Option 1 - SIWE (Sign in with Ethereum): Provide message and signature from SIWE flow
Option 2 - OTP (One-Time Password): Provide user_uuid to trigger email OTP
Note: You must provide either (message + signature) OR (user_uuid), but not both.
