Authentication

Most of the market API queries require the use of an authentication token, which can easily be generated by Universe Owners signing with the corresponding private key.
The token is formed by signing the (salted) unix epoch time with the universe private key. Tokens are valid for 5 minutes. Basically:
JavaScript
const signature = sign( keccak256(`FreeverseB2BTokenSalt${time}`) );
const token = `${time}:${signature}`
The http header should look like this:
headers: { Authorization: Freeverse 1641573766:k8Ju+3z7f+HHX5/j5Cd9zsttpjH07mzlLp0ke29zjt12Tn58fqYLSiLqUi4/LaDvSeaGIM87Xm7Z8RgOR6191xs= }
It is up to each application to create such token with each request (the computational cost is negligible), or to refresh it when expired.
This token authorizes universe owners to send transactions to the L2 nodes. In many GraphQL mutations, explicit asset owner signatures are also required, proving their explicit intent to trade their assets: owners' signatures are ultimately checked by the L2 nodes.
Here's some example code, extracted from the examples repository, which uses a couple of simple help functions in this NPM package.
NodeJS
const { getTokenDigest, composeToken } = require('freeverse-marketsigner-js');
​
const now = new Date().getTime() / 1000;
const tokenDigest = getTokenDigest({ time: now });
​
// sign with your favourite method,
// using explicit privKey in this example:
const signature = new Accounts().sign(tokenDigest, pvk);
const token = composeToken({ time: now, sig: signature.signature });
List of API Calls Requiring Authentication
The list below contains all the operations in the API that need Authentication to be executed:
Operation
Purpose
changeAlias
Change the alias of a web3 address
linkWeb3AddressToEmail
Binds a web3 address to an email. Explained in detail here.
linkOnboardingWeb3Address
Same as linkWeb3AddressToEmail but it adds the Onboarding EncryptedId (received by parameter) to the body of the email sent to the user.
unlinkWeb3Address
Removes the web3 address to an email (previously set through a linkWeb3AddressToEmail operation)
createAtomicBuyNowFromPutForSale
Same as createBuyNowFromPutForSale but allows you to create buyNows on batches.
createBuyNowPayment
Starts the payment for a sale operation. Explained here.

Operation	Purpose
`changeAlias`	Change the alias of a web3 address
`linkWeb3AddressToEmail`	Binds a web3 address to an email. Explained in detail here.
`linkOnboardingWeb3Address`	Same as `linkWeb3AddressToEmail` but it adds the Onboarding EncryptedId (received by parameter) to the body of the email sent to the user.
`unlinkWeb3Address`	Removes the web3 address to an email (previously set through a `linkWeb3AddressToEmail` operation)
`createAtomicBuyNowFromPutForSale`	Same as `createBuyNowFromPutForSale` but allows you to create buyNows on batches.
`createBuyNowPayment`	Starts the payment for a sale operation. Explained here.

Last modified 14d ago