Skip to content
Exa Docs

Authenticate

POST
/auth/authentication

Authenticates a user using a WebAuthn credential. This endpoint verifies the authentication response from the client, updates the credential counter, and sets a signed cookie for the authenticated session.

SIWE Authentication

Submit the signed SIWE message to prove ownership of an Ethereum address. The server validates the signature against the original challenge message, verifies the domain and nonce match the session, and checks the message hasn’t expired. On successful verification, a signed HTTP-only credential_id cookie is set for authenticated API access.

Parameters

Section titled “ Parameters ”
Section titled “Cookie Parameters ”
session_id
required
Session identifier

HTTP-only cookie.

string
/^[\w-]+$/

Request Body

Section titled “Request Body ”
Any of:
Sign-in with Ethereum
object
method
required
Method

Sign-in with Ethereum.

Allowed values: siwe
id
required
Address

Address to sign in with.

string
signature
required
Signature

Signature of the cryptographic challenge message.

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Authentication response with session expiry

object
credentialId
required
Base64URL encoded credential identifier
string
/^[\w-]+$/
factory
required
Account factory address
string
x
required
Credential public key x coordinate
y
required
Credential public key y coordinate
auth
required
Session expiry

When the authenticated session will expire.

number
expires
required
Session expiry (legacy)

This field is deprecated in favor of auth and will be removed in the next major version.

number