Highlight

Here's the part the Nostriches will enjoy. My identity on Satsback is a Nostr pubkey. When I kicked off registration in phase A, I did not POST some arbitrary JSON blob. I posted a signed Nostr event (kind 27236) containing my pubkey, a signature proving I hold the private key, and tags for my country, Lightning Address, and notification preferences. Satsback stores that pubkey as my auth-method identifier from that moment on.

Two nice consequences:


No email, no password. My identity is a keypair I control, signed end to end.
Bearer token for day-to-day use. Every API call after registration carries Authorization: Bearer <token>. The Nostr pubkey sits underneath as my permanent identity.