Authentication

Most of the market API queries require the use of an authentication token, which can easily be generated by Universe Owners signing with the corresponding private key.

The token is formed by signing the (salted) unix epoch time with the universe private key. Tokens are valid for 5 minutes. Basically:

const signature = sign( keccak256(`FreeverseB2BTokenSalt${time}`) );
const token = `${time}:${signature}`

The http header should look like this:

headers: { Authorization: Freeverse 1641573766:k8Ju+3z7f+HHX5/j5Cd9zsttpjH07mzlLp0ke29zjt12Tn58fqYLSiLqUi4/LaDvSeaGIM87Xm7Z8RgOR6191xs= }

It is up to each application to create such token with each request (the computational cost is negligible), or to refresh it when expired.

Here's some example code, extracted from the examples repository, which uses a couple of simple help functions in this NPM package.

const { getTokenDigest, composeToken } = require('freeverse-marketsigner-js');

const now = new Date().getTime() / 1000;
const tokenDigest = getTokenDigest({ time: now });

// sign with your favourite method,
// using explicit privKey in this example:
const signature = new Accounts().sign(tokenDigest, pvk);
const token = composeToken({ time: now, sig: signature.signature });

List of API Calls Requiring Authentication

The list below contains all the operations in the API that need Authentication to be executed: