π²Sign in With X
To verify a customer's externally-owned account ownership, we require a challenge to be signed with the private key. This mechanism is outlined in CAIP-122, originally known as "Sign in With Ethereum" (SIWE) but expanded to support other blockchains. When a new customer object is created in our system, we generate a challenge following the standardised structure, expecting it to be signed and verified before proceeding with user onboarding. The challenge returned by the endpoint is a Base64-encoded string.
Creates new customer and generates a cryptographic challenge to verify ownership of blockchain account
HTTP message signature
HTTP message signature input
Idempotency key (UUID)
Content digest
Unique customer ID in a form of a valid on-chain address. This would normally correspond to customer's EOA wallet address
eip155:1:0xab16a96D359eC26a11e2C2b3d8f8B8942d5BfcdbUnique customer ID in a form of an external identifier. This would normally correspond to customer's ID in your system
Successful operation
Invalid request
Not authorised
Customer already exists
Internal error
When a new user is created on supported chains, you will receive a Base64 encoded challenge, which resembles the following:
In order to proceed with ownership verification, your customer needs to sign this challenge with their private key. Please, follow SIWE documentation to learn more about signing SIWE challenges using community supported libraries. For testing purposes, you can use MyCrypto signing tools to sign a challenge for test accounts.
If everything was successful, you will have a HEX-formatted signature ready to be submitted to our API. For example, if using MyCrypto, it will produce a following message for the above challenge:
To submit a signed challenge, please encode a HEX signature as Base64 string and send it using the corresponding endpoint.
Signs previously issued challenge to verify customer's ownership of their blockchain account
Unique customer ID
HTTP message signature
HTTP message signature input
Idempotency key (UUID)
Content digest
Cryptographic signature generated using owner's EOA private key according to chain-specific algorithm. Signature is used for signing on-chain transactions such as creating a new account, authorising a recurring payment or setting up spending limits
Unique signer account ID in a form of a valid on-chain address
eip155:1:0xab16a96D359eC26a11e2C2b3d8f8B8942d5BfcdbOriginal base64 encoded challenge provided by this API for owner to sign
LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUUzTEw1RldmVFgvL3BJaXNEL0xneFVIT2lxdlFTSUVWTgpGekloOTdLZXBlWk1iZVZsUGd1akZ4Yk5MN2x1ZVhRQnBpUWUzNmZLN0xSbXZNNHdEaWZFTkE9PQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0=Base64 encoded signature
IfvwaW1eCqLvQaK0/7YjvK8HBGHWHPclHHQWH4L+w6Q3CFS8CjSzq0h8G8AhzTGMc0xRrik3TyvrDm8t1JtL9Bw=Successful operation
Invalid request
Not authorised
Customer not found
Challenge already signed
Internal error
No content
If, for any reason, the original challenge is lost or cannot be signed immediately, you can fetch it again using a dedicated endpoint. If we encounter an error during signature validation via /sign endpoint, a new challenge will be issued for you to retrieve.
We enforce a 1 hour expiration window via our API for all issued challenges for security purposes. If a challenge hasn't been signed within 1 hour from issue, we will generate a new one and make it available through this endpoint.
Retrieves challenge to verify customer's ownership of their blockchain account
Unique customer ID
HTTP message signature
HTTP message signature input
Successful operation
Invalid request
Not authorised
Customer not found
Internal error
Last updated