Manage digital assets without a web3 wallet

Take your wallet to the bank. Take your passport to the app. Passports enable products to integrate web3 assets like NFTs. Users don't need to manage seed phrases or trust a third-party to store secret keys.

Passport is directly integrated into the Underdog API which means you can use the API to create NFTs for your users just by knowing a user's email, username, or any other unique identifier.


In this guide, we'll cover:

  1. What is a Passport?
  2. How do I mint NFTs to a Passport?
  3. How can my users manage their Passport assets?

We'll assume you have set up an Underdog Project and grabbed an API key from the Quick Start.

What is a Passport?

A Passport is an account on the blockchain that can hold, send, & delete digital assets like NFTs. If you're familiar with Solana's program structure, they're program derived addresses (PDAs) whose seeds are a namespace & identifier and can only transfer & burn assets.

Passports are composed of three parts: an address that is uniquely defined by a namespace & identifier.

addressUnique ID for the Passport determined by the namespace and identifier7px1aXrdcySNHEF8aQ12iHBW5a2MVsqQU1ELkTdYAgjN
namespaceName of the applicationpublic, solarplex, underdog, sporting
identifierIdentifier of a user within an application[email protected]

Passports by default are uninitialized accounts on the Solana blockchain meaning there is zero on-chain rent that needs to be paid. The magic of compression + NFTs + PDAs makes it free to mint NFTs to a Passport address.

Once users want full control over their assets, they can "activate" their Passport account to access the full scope of what you can do in web3, which we'll cover later.

How do I create NFTs for a Passport?

To Create an NFT for a Passport, all you need is the user's identifer (i.e. email, Twitter handle, Reddit username).

Assuming we've set up a Project with ID 1 and have an Underdog API Key from the Quick Start, let's mint an NFT to a Passport address.

const underdogApiEndpoint = "";

const config = {
    headers: { Authorization: `Bearer ${UNDERDOG_API_KEY}` }

const projectId = 1

In addition to passing in the NFT metadata in the Quick Start, we need to specify a receiver in the request body. The receiver object takes in either:

  1. address which can be any valid web3 address (and overrides any values set for namespace or identifier
  2. namespace (optional) + identifier where the namespace defaults to public if blank and identifier is an email, Reddit username, or any other unique identifier. In this case, we use an email in the public namespace.
const nftData = { 
  "name": "Underdog #2", 
  "symbol": "UP", 
  "image": "",
  "receiver": {
    "identifier": "[email protected]"

const createNftResponse = await

How can my users manage their Passport assets?

Users can manage their Passport assets at Currently we only support Sign in with Google (though we can support any type of Oauth2 authentication upon request).

Once signed into Passport, users can see all applications that support Passport and see all their assets for each application. If you'd like to have your application added to Passport, please shoot a message to the email in this guide.

Activating a Passport

In order for users to send & delete the assets in their Passport, they need to activate their Passport account by connecting a "real" wallet. Users can activate a Passport on an application's page within the Passport website and hitting activate.

This will prompt the user to sign a transaction with a connected wallet and initialize the on-chain account (it's a tiny account so costs the user ~$0.01 worth of SOL). This wallet becomes the designated signer to send & delete the assets within that application's Passport.

Send & Delete Assets

Once the Passport is activated, users can sign messages to send & delete the assets within that Passport. Only the wallet that activated the account can sign the transfer and burn transactions - there are no other possible signers, including the product, Underdog, or anyone malicious.


Users cannot transfer assets that are delegated (see delegated: true on the Create an NFT endpoint). This allows applications to mint non-transferable NFTs to a user's Passport and transfer NFTs out of the user's Passport on their behalf.


In order to prevent spam and give users control over unwanted assets, users can burn any asset even if they do not hold delegate authority.

Additional Resources