# Login with Hivesigner Hivesigner allows you to sign transactions most secure way, so that applications you are using won't have direct access to your private keys while allowing you to perform actions within defined scopes. ### About the UI component When you login to Hivesigner, your private key is available within the interface to sign transaction and message, keys never leaves the browser. We never have access to your private keys. The `access_token` on Hivesigner are just simple message signed with Hive private keys and encoded in base64u. User Interface (UI) gives you easy way to handle your authorities and keys. Code is here: ### About the API component When you login to a website like [https://ecency.com](https://ecency.com/), [https://hive.blog](https://hive.blog/), [https://peakd.com](https://peakd.com/), etc. using Hivesigner, you are requested to Authorise the relevant **Hive** account [@ecency.app](https://ecency.com/@ecency), [@hive.blog](https://ecency.com/@hive.blog) or [@peakd.app](https://ecency.com/@peakd.app) which broadcasts posting operations on your behalf. This is a feature supported by the [Hive protocol](https://hive.io). If you go here you can see which account(s) you authorised and which authority you give them. The Hivesigner API hold the hive account [@hivesigner](https://ecency.com/@hivesigner) posting key, when you cast a vote on Ecency, Hiveblog or Peakd, `access_token` is being sent from those applications to Hivesigner API, the API then verifies that token, if it's valid, transaction is broadcasted using [@hivesigner](https://ecency.com/@hivesigner) posting key. This is possible using double delegation of posting authority, for example `@bob` authorize the `@ecency.app` account to do posting operation on `@bob` behalf and `@ecency.app` authorise `@hivesigner` to do posting operation on `@ecency.app` behalf. This flow is perfect for security and at any moment your keys are safe from malicious apps. Code is here: