Alby + Nostr: Send Lightning Zaps with Sovereign Identity
Lightning wallets can’t sign Nostr events, and most Nostr clients force you to paste your private key into a web page. That’s a security disaster waiting to happen.
import { nip07 } from 'nostr-tools'
// Alby exposes window.nostr
const pubkey = await window.nostr.getPublicKey()
const event = {
kind: 1,
created_at: Math.floor(Date.now() / 1000),
tags: [],
content: 'First sovereign post'
}
const signed = await window.nostr.signEvent(event)
console.log(signed)In practice you never touch the private key, Alby holds it inside the extension and only returns signatures.
Quick Take
- Nostr identities are keypairs: your public key (npub) is your address, your private key (nsec) is your identity
- NIP-07 lets a browser extension sign events without exposing the private key
- Zaps are Lightning payments sent directly to a user’s Lightning address
Generate a Nostr Keypair with Alby
A Nostr identity is a keypair you own forever. Alby creates it for you inside the extension so you never have to copy-paste secrets into a web form.
npub1q8fvq... # public key, safe to share
nsec1q9gx... # private key, keep offlineIn practice the nsec is your master password, whoever holds it controls your identity and can post as you.
Publish a Lightning Address for Zaps
Without a Lightning address, users can’t zap you. Alby gives you a custodial Lightning address you can drop straight into your Nostr profile.
# In Primal → Profile → Lightning Address
deinname@alby.comIn practice the address is an Alby subdomain that forwards incoming zaps to your wallet.
Connect a Nostr Client to Alby
NIP-07 works wherever the client asks the browser for signatures. Tested clients:
Primal web Snort social iris.to Damus iOS
Connecting (Primal example):
1. Open primal.net
2. Click "Login with Extension"
3. Alby pops up: "Allow primal.net to access your public key?"
4. Confirm → profile loadsIn practice the client never sees your private key, only the signed event you approve in the extension.
Send a Lightning Zap from Your Browser
Zaps are Lightning payments attached to Nostr events. They go directly to the recipient’s Lightning address without intermediaries.
# In Primal → any post → click ⚡
Amount: 21 sats
Message: "Keep building"
Confirm in AlbyIn practice the zap amount is denominated in satoshis and the payment settles in seconds.
Relay Setup for Reliable Delivery
Relays are servers that forward your posts to followers. More relays equals wider reach.
Default relays (automatic in most clients):
wss://relay.damus.io
wss://relay.nostr.band
wss://nos.lolPaid relay (better uptime, less spam):
wss://relay.primal.netIn practice you can add or remove relays in Alby’s Nostr settings without touching the client.
Privacy Without Anonymity by Default
Nostr is censorship-resistant but not anonymous. Your public key links every post you make.
| Item | Visibility |
|---|---|
| npub | Public, searchable |
| Posts | Public on every relay you use |
| DMs | Encrypted but metadata visible |
| Zaps | Public amount and direction |
For stronger privacy use a separate key for public posts and route traffic through Tor.
What I Actually Use
- Alby browser extension: because it’s the only NIP-07 signer that keeps my private key offline
- Primal web client: because it combines the best UX with built-in zap discovery
Alby + Nostr Zap Flow
Lightning payments with sovereign identity