Skip to content

Signature Scheme

Custom Payload Signature Scheme for Authenticated JSON RPC Service Access

This document specifies a method for authenticating requests to a JSON RPC service endpoint using a custom payload signature scheme. The scheme involves signing the request payload with an Ethereum key and including this signature in the request headers.

Note

This method is based off of Flashbot's X-Flashbots-Signature schema, and is compatible with it.

Introduction

This specification defines a method for authenticating requests made to a JSON RPC service endpoint. The authentication is achieved by signing the request payload using an Ethereum key and including this signature in the request's HTTP headers. This method ensures that the requests are authenticated and can be tracked over time for user statistics.

Terminology:

  • JSON RPC: A remote procedure call protocol encoded in JSON.
  • Ethereum Key: A cryptographic key used for signing transactions in the Ethereum blockchain.
  • Payload Signature: A digital signature generated by signing the request payload.
  • X-Ethereum-Signature: HTTP header used to include the payload signature for auction requests.

Specification:

Signature Generation:

  • The client MUST generate a digital signature by signing the hash of the JSON body of the request. The JSON body MUST be encoded as UTF-8 bytes before hashing.
  • Any valid Ethereum key CAN be used for signing the payload.
  • The Ethereum address associated with the key used for signing WILL be utilized by the service to track requests and provide user statistics.

Request Headers:

  • The client MUST include the generated signature in the request headers.
  • For auction requests, the signature MUST be included in the X-Ethereum-Signature header.
  • The headers X-Ethereum-Signature are CASE-INSENSITIVE.

Example Usage with cURL:

  • For auction requests:
curl -X POST -H "Content-Type: application/json" -H "X-Ethereum-Signature: 0x1234:0xabcd" --data '{"jsonrpc":"2.0","method":"eth_sendBundle","params":[...],"id":1}' <https://api.securerpc.com/v1/auction>

Example Data

{
    "jsonrpc": "2.0",
    "method": "eth_sendBundle",
    "params": [...],
    "id": 1
}