Authorization

API Key Authorization

One way to authorize your reqeusts is to use API keys. You can create an API key if you are already logged into the EVEDEX Exchange:

Click on your avatar in the upper right corner
Go to Settings → API → Create API Key

Once you have created an API key, you must include it in all private API requests by adding it to the x-api-key header:

x-api-key: your_api_key

JWT Token Authorization

Another approach to authorization is JWT Token usage. To submit orders to the exchange, the client must complete an authorization procedure (according to the EIP-4361: Sign-In with Ethereum protocol), which includes the following steps:

Get a nonce using the GET /auth/nonce method.
Generate the data for the authorization signature.
Sign the data using the user's crypto wallet.
Send the signed data to the POST /auth/user/sign-up method and receive a JWT (token field in the response)

Example of creating data and signature for authorization

function createSiweMessage(
  { address, uri, version, chainId, nonce, issuedAt }: {address: string, uri: string, version: string, chainId: number, nonce: string, issuedAt: string}
) {
  return `${uri} wants you to sign in with your Ethereum account:
${address}


URI: ${uri}
Version: ${version}
Chain ID: ${chainId}
Nonce: ${nonce}
Issued At: ${issuedAt}`;
}

const signer = await ethers.getSigner();
const message = `EVEDEX sign in`;
const address = await signer.getAddress();

const nonceRes = await fetch(`https://auth.evedex.com/auth/nonce`, {
  method: 'GET',
  headers: { accept: 'application/json' },
});
const { nonce } = await nonceRes.json();

const siweMessage = createSiweMessage({
  address: address,
  statement: `Sign in to https://exchange.evedex.com`,
  uri: 'https://exchange.evedex.com',
  version: '1',
  chainId: await signer.provider.getNetwork().then(({ chainId }) => chainId),
  nonce,
  issuedAt: new Date().toISOString(),
});
const signature = await signer.signMessage(siweMessage);

const response = await fetch(`https://auth.evedex.com/auth/user/sign-up`, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    wallet: address,
    message: siweMessage,
    nonce,
    signature,
  }),
});
if (response.status >= 400) {
  throw new Error('Invalid auth');
}

const { token } = await response.json();

Important: Any request to the exchange REST API that requires an authorization JWT (accessToken) must include the header Authorization: Bearer {accessToken} (without the { }).

Since the accessToken JWT is valid for only a few minutes, it should be refreshed periodically. To do this:

When receiving a 401 code from any method that requires authorization, call the POST /auth/refresh method with the Authorization header set to Bearer {refreshToken} (without the { })
If the refreshToken is active, the response will return a new JWT, which should be used in place of the old accessToken and refreshToken
If the refreshToken is inactive and the method returns a 401 code, the user authorization procedure described above must be repeated

PreviousToolkit NextPublic Exchange Data

Last updated 20 days ago