Skip to main content

​
Overview

Wallet authentication uses the Sign-In with Ethereum (SIWE) standard to authenticate users via their wallet signature. After verification, the API sets an httpOnly session cookie for subsequent requests. This is the authentication method used by the Request Dashboard and is required for managing payee destinations and client IDs.

​
Supported Wallets

  • EVM wallets β€” MetaMask, WalletConnect, Coinbase Wallet, and any wallet supporting personal_sign
  • Tron wallets β€” TronLink (addresses starting with T...)
The API auto-detects the wallet type from the address format.

​
Challenge/Verify Flow

1

Request a challenge

Call POST /v1/auth/wallet/challenge with the wallet address. The API returns a SIWE-formatted message to sign.
curl -X POST "https://auth.request.network/v1/auth/wallet/challenge" \
  -H "Content-Type: application/json" \
  -d '{ "address": "0x6923831ACf5c327260D7ac7C9DfF5b1c3cB3C7D7" }'
Response (201)
{
  "challengeId": "01HXEXAMPLE123",
  "nonce": "a1b2c3d4e5f6",
  "message": "auth.request.network wants you to sign in with your Ethereum account:\n0x6923831ACf5c327260D7ac7C9DfF5b1c3cB3C7D7\n\nSign in to Request Network\n\nURI: https://auth.request.network\nVersion: 1\nChain ID: 1\nNonce: a1b2c3d4e5f6\nIssued At: 2026-03-15T10:00:00.000Z",
  "expiresAt": "2026-03-15T10:05:00.000Z"
}
The challenge expires after 5 minutes.
2

Sign the message

Sign the message field using the wallet’s signing capability.EVM (viem):
const signature = await walletClient.signMessage({
  account,
  message: challenge.message,
});
Tron (TronLink):
const signature = await tronWeb.trx.signMessageV2(challenge.message);
3

Verify the signature

Submit the signature back to complete authentication. The API sets a session cookie on success.
curl -X POST "https://auth.request.network/v1/auth/wallet/verify" \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{
    "challengeId": "01HXEXAMPLE123",
    "nonce": "a1b2c3d4e5f6",
    "message": "auth.request.network wants you to sign in with your Ethereum account:...",
    "signature": "0x1234...abcdef"
  }'
On success, the response sets an httpOnly session cookie. Use this cookie for subsequent API calls.

​
Session Management

  • Session type: httpOnly, secure, sameSite=lax cookie
  • Wallet session timeout: 15 minutes idle timeout
  • Logout: POST /v1/auth/logout clears the session cookie

​
Email/Password Authentication

For programmatic access without a wallet, the API also supports email/password authentication:
  • POST /v1/auth/register β€” Create an account with email and password (8-100 chars)
  • POST /v1/auth/login β€” Login with email and password
  • POST /v1/auth/logout β€” Clear the session
Email/password sessions have a 30-day expiry.

Authentication

API key and Client ID authentication for API integrations.

Payee Destinations

Manage receiving routes (requires wallet session).