Skip to main content
NEAR Auth runs on two networks: testnet for building and mainnet for production. Every value on this page is network-specific — swap the whole set together when you move an app from testnet to mainnet. Testnet uses shared credentials you can copy today; mainnet requires an approved application.
Start on testnet with the values below — no sign-off needed. When you’re ready to launch, apply for production access to get your own mainnet Auth0 clientId.

All values, side by side

Every setting your app needs, per network. The NEAR values feed near-api-js and the FastAuthClient config; the Auth0 values feed the JavascriptProvider (or ReactNativeProvider).
SettingMainnetTestnet
networkIdmainnettestnet
NEAR RPC (nodeUrl)https://rpc.mainnet.near.orghttps://rpc.testnet.near.org
fastAuthContractIdfast-auth.nearfast-auth.testnet
mpcContractIdv1.signerv1.signer-prod.testnet
Auth0 domainlogin.auth.near.orglogin.testnet.fast-auth.com
Auth0 signingAudienceauth0.jwt.fast-auth.nearauth0.jwt.fast-auth.testnet
Auth0 clientIdyour approved applicationnp8paqIpMWmNbzT4xAvOOapZBjsOpptl
domain and signingAudience are optional on the provider — the SDK ships the correct defaults for the network you pass, so you only set them to override a custom Auth0 setup. clientId is always required.
There is no shared mainnet clientId. The testnet clientId above is a public, shared demo credential — never point a production app at it. Your mainnet clientId comes from your own approved application. Apply for production access →

What each value is for

  • networkId — the NEAR network your app talks to. Selects the RPC, contracts, and MPC signer for that environment.
  • NEAR RPC (nodeUrl) — the JSON-RPC endpoint near-api-js uses to build the connection you pass into FastAuthClient.
  • fastAuthContractId — the account of the on-chain NEAR Auth contract that verifies the Auth0 JWT and requests the signature.
  • mpcContractId — the MPC signer contract that produces the signature from distributed key shares. Full contract addresses live on the Mainnet and Testnet reference pages.
  • Auth0 domain — the Auth0 tenant that hosts the login flow.
  • Auth0 signingAudience — the audience the issued JWT is scoped to; on-chain, the Auth0 Guard checks this aud value.
  • Auth0 clientId — identifies your application to Auth0.

Ready-to-copy config

Drop one of these into your app and read from it. The near block configures the Browser SDK client; the auth0 block configures the JavaScript provider.
{
  "networkId": "testnet",
  "near": {
    "nodeUrl": "https://rpc.testnet.near.org",
    "fastAuthContractId": "fast-auth.testnet",
    "mpcContractId": "v1.signer-prod.testnet"
  },
  "auth0": {
    "network": "testnet",
    "domain": "login.testnet.fast-auth.com",
    "signingAudience": "auth0.jwt.fast-auth.testnet",
    "clientId": "np8paqIpMWmNbzT4xAvOOapZBjsOpptl"
  }
}

Wiring it into the SDK

Once you’ve picked a config, only three things flow into the SDK: the network and clientId for the provider, and the fastAuthContractId / mpcContractId for the client. The NEAR connection is built from networkId and nodeUrl.
import { FastAuthClient } from "@fast-auth-near/browser-sdk";
import { JavascriptProvider } from "@fast-auth-near/javascript-provider";
import { connect } from "near-api-js";

const provider = new JavascriptProvider({
  network: "testnet",
  clientId: "np8paqIpMWmNbzT4xAvOOapZBjsOpptl",
  // domain and signingAudience are optional — SDK defaults match the network
});

const { connection } = await connect({
  networkId: "testnet",
  nodeUrl: "https://rpc.testnet.near.org",
});

const client = new FastAuthClient(provider, connection, {
  fastAuthContractId: "fast-auth.testnet",
  mpcContractId: "v1.signer-prod.testnet",
});
Keep both configs in your repo and select one by an environment variable so switching networks is a single toggle — never a code change.

Keep exploring

Mainnet reference

Deployed contract addresses, RPC, and explorer for production.

Testnet reference

The same lookup for the testnet environment.

Apply for production

Get your own mainnet Auth0 credentials.