If your app reads Aura data from the browser, register it and use a read token. The read token is public, browser-safe, read-only, and gives your traffic app attribution plus a better rate-limit bucket.

• clientId: stable public app id, useful in logs and SDK configuration.
• readToken: public read token for browser SDK and public API reads.
• Optional allowed origins to bind the read token to your app domains.
• Per-app backend attribution so we can see which app is generating traffic.

• Sign in on AuraMaxxGG.
• Open the profile menu.
• Open Developers.
• In Created Apps, click the plus button.
• Enter app name, client id, and optional allowed origins.
• Copy the issued read token. You can reveal it again later from the token list.

Origins are optional. Use full origins like https://example.com or http://localhost:3000. Leaving origins empty is useful while prototyping; adding origins gives tighter browser attribution.

Aura.configure({
  clientId: "my-caps-app",
  readToken: "aura_pk_..."
});

const inventory = await Aura.getInventory({
  userAddress: "0xUSER...",
  collection: "moggmon",
  limit: 200
});

Use raw GET routes from servers, bridges, non-browser agents, or integrations where the hosted SDK cannot run.

GET /api/users/:userId/pack-cards?read_token=aura_pk_...&condensed=true&ownedOnly=true