Verify
Auth
Verify
This endpoint completes the authentication process by verifying that the provided signature was created with the private key corresponding to the public key. Upon successful verification, a JWT access token is issued for making authenticated API calls.
Authentication Process
- The signature is verified against the challenge issued in the previous step
- If valid, the user’s account is created (if new) or retrieved
- A JWT access token is generated and returned
- The challenge is invalidated to prevent replay attacks
Token Usage
The returned JWT token should be included in subsequent API calls:
Authorization: Bearer <access_token>
Security Considerations
- Each challenge can only be used once
- The signature must be a valid secp256k1 signature
- The public key must match the one used to request the challenge
Arguments
public_key- The public key that was used to request the challengesignature- The hex-encoded secp256k1 signature of the challenge
Returns
200 OKwith the JWT access token400 Bad Requestif the request is malformed or authentication flow is incorrect403 Forbiddenif the signature is invalid404 Not Foundif no challenge exists for the public key500 Internal Server Errorif token generation fails
POST
Verify
Body
application/json
The public key and signature to verify ownership
Request body for verifying a signed authentication challenge.
Contains the public key and signature proving ownership of the corresponding private key.
The signature must be created by signing the challenge string received from the
/v1/auth/challenge endpoint.
Response
200
application/json
Challenge verified successfully and JWT token issued
Response containing the JWT access token for authenticated API calls.