JWT Authentication

Verify Signature and Authorize

Verify the wallet signature provided by the user, and generate JWT Token for authorization after successful verification.

HTTP Request

POST

/api/authorize

Request Frequency Restriction:

Recommended: no more than 3 times per second

Request Parameters

Name	Type	Required	Description
userAddress	string	Yes	User wallet address
signature	string	Yes	Wallet signature (hexadecimal format)
isTermAccepted	boolean	Yes	Whether to accept terms of service, must be true

Request Example

{
  "userAddress": "0xab7f6e97232d633689cf762989455cceb769587c69a9f09a23f537f5605f9e78",
  "signature": "77ac25a7a4e9c686447788d65e06366f11cc8d064fb2f8585bbce7b06cbd29b398f7b231cd4f838818688057236c9be2572b825d7d2b2d141594e7cffc98e40a1zTNoZKsgPhuhbBmPoAeD/D+135wtLJbw7luX1Nftd+M=",
  "isTermAccepted": true
}

Response Fields Description

Name	Type	Description
token	string	JWT Token for subsequent API request authentication
walletAddress	string	Wallet address

Response Example

{
  "code": 200,
  "message": "success",
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIweGFiN2Y2ZTk3MjMyZDYzMzY4OWNmNzYyOTg5NDU1Y2NlYjc2OTU4N2M2OWE5ZjA5YTIzZjUzN2Y1NjA1ZjllNzgiLCJpYXQiOjE3MDAwMDAwMDB9.xxx",
    "walletAddress": "0xab7f6e97232d633689cf762989455cceb769587c69a9f09a23f537f5605f9e78"
  }
}

Using Token

After obtaining the Token, include it in the request headers for subsequent private interface requests:

Authorization: Bearer {token}
X-Wallet-Address: {walletAddress}

Important Notes

Token has an expiration time, need to re-obtain after expiration
When using Token in frontend, need to add Bearer prefix
isTermAccepted must be true, otherwise authorization will fail
Signature verification failure will return an error

Error Response

{
  "code": 10003,
  "message": "Invalid signature",
  "data": null
}

{
  "code": 10011,
  "message": "Terms not accepted",
  "data": null
}