Authorization
API Key Authorization
One way to authorize your requests is to use API keys. You can create an API key if you are already logged into the EVEDEX Exchange:
Click on your avatar in the upper right corner
Go to Settings → API → Create API Key
Once you have created an API key, you must include it in all private API requests by adding it to the x-api-key header:
x-api-key: your_api_key

JWT Token Authorization
Another approach to authorization is JWT Token usage. To submit orders to the exchange, the client must complete an authorization procedure (according to the EIP-4361: Sign-In with Ethereum protocol), which includes the following steps:
Get a nonce using the GET /auth/nonce method.
Generate the data for the authorization signature.
Sign the data using the user's crypto wallet.
Send the signed data to the POST /auth/user/sign-up method and receive a JWT (token field in the response)
Example of creating data and signature for authorization
// `ethers` must already be in scope and expose getSigner(); the page does not show the import.

// Builds the text that the wallet signs. The template lines are deliberately not indented:
// every character, including whitespace, is part of the signed message.
function createSiweMessage(
  { address, uri, version, chainId, nonce, issuedAt }: {
    address: string,
    statement?: string, // accepted from callers; not part of the message template below
    uri: string,
    version: string,
    chainId: number,
    nonce: string,
    issuedAt: string,
  }
) {
  return `${uri} wants you to sign in with your Ethereum account:
${address}
URI: ${uri}
Version: ${version}
Chain ID: ${chainId}
Nonce: ${nonce}
Issued At: ${issuedAt}`;
}

const signer = await ethers.getSigner();
const message = `EVEDEX sign in`; // not used in the flow below
const address = await signer.getAddress();

// Step 1: get a one-time nonce from the auth service.
const nonceRes = await fetch(`https://auth.evedex.com/auth/nonce`, {
  method: 'GET',
  headers: { accept: 'application/json' },
});
const { nonce } = await nonceRes.json();

// Step 2: generate the data for the authorization signature.
const siweMessage = createSiweMessage({
  address: address,
  statement: `Sign in to https://exchange.evedex.com`,
  uri: 'https://exchange.evedex.com',
  version: '1',
  chainId: await signer.provider.getNetwork().then(({ chainId }) => chainId),
  nonce,
  issuedAt: new Date().toISOString(),
});

// Step 3: sign the data with the user's wallet.
const signature = await signer.signMessage(siweMessage);

// Step 4: exchange the signed message for a JWT.
const response = await fetch(`https://auth.evedex.com/auth/user/sign-up`, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    wallet: address,
    message: siweMessage,
    nonce,
    signature,
  }),
});
if (response.status >= 400) {
  throw new Error('Invalid auth');
}
const { token } = await response.json();

Important: Any request to the exchange REST API that requires an authorization JWT (accessToken) must include the header Authorization: Bearer {accessToken} (without the { }).
Since the accessToken JWT is valid for only a few minutes, it should be refreshed periodically. To do this:
When receiving a 401 code from any method that requires authorization, call the POST /auth/refresh method with the Authorization header set to Bearer {refreshToken} (without the { })
If the refreshToken is active, the response will return a new JWT, which should be used in place of the old accessToken and refreshToken
If the refreshToken is inactive and the method returns a 401 code, the user authorization procedure described above must be repeated
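
The refresh procedure above, as an added example (not EVEDEX's own code): a fetch wrapper that retries a request once after a 401 and shares a single refresh call among concurrent requests, so a refresh token that has already been replaced is never sent again. The refresh response fields `accessToken` and `refreshToken`, and the names `createAuthedFetch` and `ReauthRequired`, are assumptions that the page does not specify.

```javascript
// Added example. ASSUMPTION (not stated on the page): POST /auth/refresh answers
// with a JSON body shaped like { accessToken, refreshToken }.
const AUTH_URL = 'https://auth.evedex.com';

// Hypothetical error type: tells the caller to repeat the wallet sign-in.
class ReauthRequired extends Error {}

function createAuthedFetch(tokens, fetchImpl = globalThis.fetch) {
  let inFlight = null; // shared promise: concurrent 401s trigger only one refresh

  function refresh() {
    if (!inFlight) {
      inFlight = (async () => {
        const res = await fetchImpl(`${AUTH_URL}/auth/refresh`, {
          method: 'POST',
          headers: { Authorization: `Bearer ${tokens.refreshToken}` },
        });
        if (res.status === 401) {
          // Refresh token inactive: discard both tokens and force a new sign-in.
          tokens.accessToken = tokens.refreshToken = null;
          throw new ReauthRequired('refresh token rejected');
        }
        if (!res.ok) throw new Error(`refresh failed: ${res.status}`);
        const body = await res.json();
        // Replace BOTH tokens, as the page requires; the old pair is dropped.
        tokens.accessToken = body.accessToken;
        tokens.refreshToken = body.refreshToken;
      })().finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  return async function authedFetch(url, init = {}) {
    const send = () => fetchImpl(url, {
      ...init,
      headers: { ...init.headers, Authorization: `Bearer ${tokens.accessToken}` },
    });
    const used = tokens.accessToken;
    const res = await send();
    if (res.status !== 401) return res;
    // Skip the refresh if another request already replaced the token we used.
    if (tokens.accessToken === used) await refresh();
    return send(); // retry exactly once with the current access token
  };
}
```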