🔐Authentication
Overview
While our protocol is fully open, all communications with our API will require authentication. If you're more interested in just reading the data to build something, you can use our subgraphs.
A Raft token (NFT) is the authorization token needed to create badges withing your account. Please fill out this form to apply for a Raft token and one of our team members will contact you ASAP and help you get setup.
Integration types
Server-side integrations
Once you have obtained a Raft Token, you can generate an API key via the settings page of your Raft.
Generating an API Key
Sign in to https://beta.otterspace.xyz/ and navigate to your Raft's settings page via the drop-down menu.
Click the edit icon to access Raft settings.
Go to "API" tab
Enter a name for your app and then click "Generate key"
Note that this key is only viewable/copy-able only once i.e., upon generation. If you lose it, you would need to generate a new one and delete the old one
IMPORTANT: you should do everything to secure your API key and it should be easily accessible to exposed unauthorized parties
Note that only the API routes under /external
are accessible with this API key for server side integrations. You will need to provide a header ‘Authorization’ that contains an API key as a Base64 string. Using the raw string of the API key from the UI will not work, unless it is base64 encoded. You can use this tool to help convert it.
Client-side integrations
If you're building a client-side integration i.e., a web application without a server-side componenet for instance, you will need to use a different authentication flow called SIWE or Sign-in With Ethereum.
Note: API access for client-side integrations not fully open. Please contact us via email or discord to discuss your requirements and your access.
Step 1: Retrieve a nonce
Request
Response
Step 2: Sign-in
Request
Response
message field in the request is composed standardised off-chain authentication message proposed in EIP-4361. It is an object that have certain fields like address
, chainId
, nonce
, domain
etc. This standardised message is of type SiweMessage
from the siwe
library.
signature field in the request body is signed version of the message
created by the wallet of the user. Simply put a message
is signed by the user's private key and then signature
is verified on the API side using user's public key. Concept is called elliptic curve cryptography. For a programmatic message signing please check the section below.
IMPORTANT: For authentication of further requests to API please provide
Cookie
HTTP Header. You can extract the cookie from response’s headerSet-Cookie
.
✍🏼 Programmatic message generation and signing with siwe/ethers.js
Last updated