Verify
This endpoint completes the authentication process by verifying that the provided signature was created with the private key corresponding to the public key. Upon successful verification, a JWT access token is issued for making authenticated API calls.
Authentication Process
- The signature is verified against the challenge issued in the previous step
- If valid, the user’s account is created (if new) or retrieved
- A JWT access token is generated and returned
- The challenge is invalidated to prevent replay attacks
Token Usage
The returned JWT token should be included in subsequent API calls:
Authorization: Bearer <access_token>
Security Considerations
- Each challenge can only be used once
- The signature must be a valid secp256k1 signature
- The public key must match the one used to request the challenge
Arguments
public_key- The public key that was used to request the challengesignature- The hex-encoded secp256k1 signature of the challenge
Returns
200 OKwith the JWT access token400 Bad Requestif the request is malformed or authentication flow is incorrect403 Forbiddenif the signature is invalid404 Not Foundif no challenge exists for the public key500 Internal Server Errorif token generation fails
Body
The public key and signature to verify ownership
Request body for verifying a signed authentication challenge.
Contains the public key and signature proving ownership of the corresponding private key.
The signature must be created by signing the challenge string received from the
/v1/auth/challenge endpoint.
The public key used to sign the challenge. Must match the public key used in the challenge request.
"021eec911553028dded1ec644144cd3afee9d9bfe7846af3cf8e6d84f4b3102389"
Signature of the challenge string, encoded as hex. Must be a valid ECDSA signature created with the private key corresponding to the public key.
"304402203a7e5d4f8b2c9a1e6f0d5b8c4a9e7f2d1c8b5a4e9f0d6c5b3a2e1d0c9b8a7f02201f2e3d4c5b6a7980e9f0a1b2c3d4e5f67889a0b1c2d3e4f5a6b7c8d9e0f1a2b3"
Response
Challenge verified successfully and JWT token issued
Response containing the JWT access token for authenticated API calls.
JWT access token for making authenticated API calls.
This token should be included in the Authorization header as "Bearer
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIwMjFlZWM5MTE1NTMwMjhkZGVkMWVjNjQ0MTQ0Y2QzYWZlZTlkOWJmZTc4NDZhZjNjZjhlNmQ4NGY0YjMxMDIzODkiLCJleHAiOjE3MDUzNDUyMDB9.dGhlc2VhcmVub3RyZWFsdG9rZW5zYnV0anVzdGV4YW1wbGVz"