This guide will walk you through the basics of implementing UCAN (User Controlled Authorization Network) in your applications.
UCAN is a trustless, secure, local-first, user-originated authorization scheme. It provides public-key verifiable, delegable, and openly extensible capabilities without requiring centralized servers or sharing cryptographic keys.
UCANs represent capabilities - specific permissions that can be delegated to others. Each capability defines what actions can be performed on which resources.
Delegation provides a way to "transfer authority without transferring cryptographic keys". Users can delegate capabilities to others with constraints like time limits, reduced scope, and policy conditions.
An invocation expresses the intention to execute a delegated capability. It contains all the authority needed to perform a task, plus the command to actually do it.
Select a UCAN library for your programming language. We have official implementations for JavaScript, Rust, and Go.
Browse LibrariesDefine a capability schema and delegate it to another identity.
Delegate capabilities to other users and create invocations to exercise those capabilities.
See ExamplesExplore the full specification to understand all of UCAN's capabilities and implementation details.