Reva

Reva

Passwordless authentication and wallet management for Reva users. Reva provides a simple way to authenticate users, claim unique PayID names, and manage cryptocurrency balances. All authentication is passwordless using email-based OTP verification.

Authentication

Reva uses a passwordless authentication flow. Users receive a one-time password (OTP) via email, verify it, and receive an access token for subsequent operations.

Login/Register Flow

There is no difference between registration and login - both use the same passwordless flow: User provides their email address System sends OTP to the email User provides the OTP code System verifies OTP and returns access token Access token is stored securely for future operations The access token MUST be stored securely after verification and reused for all protected operations.

1. Login or Register

Triggers: When user wants to login, register, sign in, sign up, authenticate, or access Reva Process: Ask user for their email address if not provided Call the authentication script to send OTP: {baseDir}/scripts/send-otp.sh <email> Inform user that OTP has been sent to their email Ask user to provide the OTP code they received Call the verification script: {baseDir}/scripts/verify-otp.sh <email> <otp> If successful, inform user they are now authenticated The access token is automatically stored for future use

2. Claim PayID

Triggers: When user wants to claim a PayID, get a PayID name, register a PayID, or set their PayID Requirements: User must be authenticated first (have valid access token) Process: Check if user is authenticated by calling: {baseDir}/scripts/check-auth.sh If not authenticated, prompt user to login first Ask user for their desired PayID name if not provided Call the claim script: {baseDir}/scripts/claim-payid.sh <desired_payid> Handle response: Success: Inform user their PayID was claimed successfully Already taken: Inform user the PayID is taken and ask for another choice Invalid format: Explain format requirements and ask again Unauthorized: Token expired, ask user to login again

3. View Balance

• Triggers: When user wants to check balance, see wallet balance, view funds, or check how much money they have
• Requirements: User must be authenticated first (have valid access token)
• Process:
• Check if user is authenticated by calling: {baseDir}/scripts/check-auth.sh
• If not authenticated, prompt user to login first
• Call the balance script: {baseDir}/scripts/get-balance.sh
• Display the balance to user in a friendly format showing each token with its amount, symbol, and chain (network)
• If unauthorized error, token expired - ask user to login again
• Display Format Example:
• Your current balance:
• 0.001016 ETH on Base
• 1.97 USDC on Base
• 1.21 USDT on BNB Smart Chain
• 0.80 USDC on BNB Smart Chain
• 0.00088 BNB on BNB Smart Chain

4. Get User Information

Triggers: When user asks about their account details, PayID, wallet address, email, referral code, cashback points, connected Twitter, avatar, or wants to deposit funds Requirements: User must be authenticated first (have valid access token) Process: Check if user is authenticated by calling: {baseDir}/scripts/check-auth.sh If not authenticated, prompt user to login first Call the user info script: {baseDir}/scripts/get-user-info.sh Extract and display the relevant information the user asked for: PayID: Show from payId field Wallet Address: Show from walletAddress field Email: Show from email field Referral Code: Show from referralCode field Cashback Points: Show from cashbackPoints field Connected Twitter: Show from twitter field Avatar: Show from avatarUrl field Transaction Limit: Show transactionLimit and transactionUsed If user wants to deposit funds, provide their wallet address and instruct them to send funds to it Important for Deposits: When user asks to deposit, simply provide their wallet address from the /api/users/me response and tell them to send funds to that address.

5. Send Funds

Triggers: When user wants to send money, send funds, send crypto, transfer tokens, or pay someone Requirements: User must be authenticated first (have valid access token) Process: CRITICAL: You must parse the user's message and extract all required information to construct a proper transfer payload. Continue asking follow-up questions until ALL required fields are provided. Check if user is authenticated by calling: {baseDir}/scripts/check-auth.sh If not authenticated, prompt user to login first Extract the following information from user's message: Token Symbol: USDT, USDC, ETH, BNB, POL, or USD_STABLECOIN (these are the ONLY supported tokens) Chain Symbol: ETH, POL, OP, BNB, or BASE (null for USD_STABLECOIN) Recipient: PayID name, Twitter username (starts with @), or wallet address Amount: Numeric value If ANY field is missing, ask the user a follow-up question to get the missing information Once ALL fields are collected, call: {baseDir}/scripts/send-funds.sh <tokenSymbol> <chainSymbol> <recipient> <amount> Display the success message or error to the user Recipient Type Detection: Twitter Username: If recipient starts with @, remove the @ and use as recipientTwitterUsername Example: @aminedd4 → recipientTwitterUsername: "aminedd4" Wallet Address: If recipient starts with 0x, use as recipientWalletAddress Example: 0x1234... → recipientWalletAddress: "0x1234..." PayID Name: Otherwise, use as recipientPayid Example: aldo → recipientPayid: "aldo" USD/Dollar Handling (IMPORTANT): When user mentions 'USD', 'dollar', 'dollars', or '$': Set tokenSymbol to USD_STABLECOIN (this is a special marker) Set chainSymbol to null - the system automatically selects the network with the highest USD stablecoin balance DO NOT ask for network when USD/dollar is mentioned - the system handles this automatically Supported Tokens (EXACT ENUMS): USDT - Tether USDC - USD Coin ETH - Ethereum BNB - Binance Coin POL - Polygon USD_STABLECOIN - For USD/dollar requests (chainSymbol must be null) Supported Chains (EXACT ENUMS): ETH - Ethereum POL - Polygon OP - Optimism BNB - BNB Chain BASE - Base null - Only when tokenSymbol is USD_STABLECOIN Parsing Examples: Example 1: "send 5 usdt on base to aldo" tokenSymbol: USDT chainSymbol: BASE recipientPayid: aldo recipientTwitterUsername: null recipientWalletAddress: null amount: 5 Example 2: "transfer 0.3 BNB on bnb to @aminedd4" tokenSymbol: BNB chainSymbol: BNB recipientPayid: null recipientTwitterUsername: aminedd4 recipientWalletAddress: null amount: 0.3 Example 3: "send $10 to chris" tokenSymbol: USD_STABLECOIN chainSymbol: null recipientPayid: chris recipientTwitterUsername: null recipientWalletAddress: null amount: 10 Example 4: "send 1 eth on ethereum to 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb" tokenSymbol: ETH chainSymbol: ETH recipientPayid: null recipientTwitterUsername: null recipientWalletAddress: 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb amount: 1 Follow-up Question Examples: User: "send some usdt to aldo" → Missing: amount, chain → Ask: "How much USDT would you like to send, and on which network? (ETH, POL, OP, BNB, or BASE)" User: "send 5 usdt to aldo" → Missing: chain → Ask: "Which network would you like to use? (ETH, POL, OP, BNB, or BASE)" User: "send 5 usdt on base" → Missing: recipient → Ask: "Who would you like to send it to? (PayID name, Twitter handle, or wallet address)" User: "send $20 to aldo" → Nothing missing (USD doesn't need chain) → Execute transfer immediately Important Notes: Only supported tokens are: USDT, USDC, ETH, BNB, POL, USD_STABLECOIN Token symbols and chain symbols must match the EXACT enums (case-sensitive) USD_STABLECOIN is ONLY used for USD/dollar requests Continue asking questions until all required fields are provided Do NOT make assumptions - always ask the user for missing information

Token Expiration

If any protected operation returns an unauthorized error, the access token has expired. Inform the user and ask them to login again.

Rate Limiting

If OTP request fails due to rate limiting, inform user to wait before trying again.

Network Errors

If scripts fail due to network issues, inform user and suggest trying again.

Invalid Input

Validate email format before sending requests. PayID format should be alphanumeric with optional underscores/hyphens.

Security Notes

User Authentication and Control: All operations require explicit user authentication - users must complete passwordless OTP verification before any protected operations Transfers are NEVER autonomous - every transfer requires the user to explicitly provide: token, chain, recipient, and amount The skill cannot initiate transfers on its own; it only executes transfers when the user explicitly requests them with all required parameters Users maintain full control over their wallet operations at all times Token Storage: Access tokens are stored locally in ~/.openclaw/payid/auth.json with restricted file permissions (chmod 600) This is a standard OAuth/JWT token pattern - tokens are stored locally for session persistence Users can clear their token at any time by deleting the auth file or using the skill's logout functionality Tokens expire and require re-authentication when invalid Data Security: Never log or display access tokens to the user OTP codes are only entered once and never stored All API requests use HTTPS encryption (enforced in scripts) All JSON payloads are constructed using jq to prevent injection attacks The skill communicates only with the official Reva API (https://api.revapay.ai) External API: This skill integrates with Reva (https://revapay.ai), a legitimate cryptocurrency wallet service The API endpoint (https://api.revapay.ai) is the official production API for Reva All transfers are executed through user-authenticated API calls, not autonomous actions

Script Reference

All scripts are located in {baseDir}/scripts/: send-otp.sh <email> - Send OTP to email verify-otp.sh <email> <otp> - Verify OTP and get access token claim-payid.sh <payid> - Claim a PayID name get-balance.sh - Get wallet balance with all tokens across chains get-user-info.sh - Get current logged user information send-funds.sh <tokenSymbol> <chainSymbol> <recipient> <amount> - Transfer funds to a recipient check-auth.sh - Check if user is authenticated

First Time User

User asks to login or register User provides email System sends OTP User provides OTP code User is authenticated User can now claim PayID or check balance

Claim PayID

User asks to claim a PayID Check authentication status User provides desired payid name System attempts to claim Success or ask for alternative if taken

Check Balance

User asks for balance Check authentication status Display current balance

Get Account Info

User asks about their PayID, wallet address, referral code, etc. Check authentication status Fetch user info from /api/users/me Display the requested information

Deposit Funds

User asks how to deposit Check authentication status Get wallet address from user info Provide wallet address for deposits

Send Funds (Simple)

User: "send 0.01 usdt on bnb to aldo" Forward message to Reva AI Reva AI processes and sends funds Display transaction confirmation with links

Send Funds (Multi-Step)

User: "send some funds to aldo" Forward to Reva AI Reva AI: "which network?" User: "bnb" Forward to Reva AI (same room) Reva AI: "which token?" User: "0.01 usdt" Forward to Reva AI (same room) Transaction complete with confirmation

Login (Send OTP)

Method: POST Path: /api/openclaw/login Body: {"email": "user@example.com"} Response: {"success": true, "message": "OTP sent to your email"}

Verify OTP

Method: POST Path: /api/openclaw/verify Body: {"email": "user@example.com", "otp": "123456"} Response: {"success": true, "token": "jwt_token", "user": {...}}

Get Balance

Method: GET Path: /api/wallet?isForceUpdateWallet=true Header: openclaw-token: <token> Response: {"success": true, "tokens": [{"name": "...", "symbol": "...", "balance": ..., "chain": "..."}]}

Claim PayID

Method: POST Path: /api/payid/register Header: openclaw-token: <token> Body: {"payIdName": "payid_name"} Response: {"success": true, "data": {...}}

Get User Info

Method: GET Path: /api/users/me Header: openclaw-token: <token> Response: {"user": {"id": "...", "email": "...", "payId": "...", "walletAddress": "...", "referralCode": "...", "cashbackPoints": ..., "twitter": "...", ...}}

Transfer Funds

Method: POST Path: /api/message/transfer-funds Header: openclaw-token: <token> Body: { "tokenSymbol": "USDT" | "USDC" | "ETH" | "BNB" | "POL" | "USD_STABLECOIN", "chainSymbol": "ETH" | "POL" | "OP" | "BNB" | "BASE" | null, "recipientPayid": string | null, "recipientTwitterUsername": string | null, "recipientWalletAddress": string | null, "amount": number } Success Response (200): {"success": true, "data": {"message": "...", "recipientPayId": "...", "usdAmountToSend": ...}, "meta": {"message": "Transaction completed successfully"}} Error Response (400/500): {"success": false, "error": {"code": "...", "message": "...", "details": [...]}}

Tips

Always check authentication before performing protected operations Display all token balances with their respective chains for clarity For deposits, simply provide the user's wallet address from /api/users/me CRITICAL for sending funds: Parse user's message to extract token, chain, recipient, and amount - ask follow-up questions for missing information USD/dollar requests use USD_STABLECOIN token with null chain - do NOT ask for network Only supported tokens are: USDT, USDC, ETH, BNB, POL, USD_STABLECOIN (case-sensitive) When user asks about account details (PayID, wallet, referral code, etc.), fetch from /api/users/me Provide clear error messages based on API responses Guide users through the authentication flow step-by-step Suggest alternative PayIDs if the desired one is taken Display transaction success messages from API responses