Authentication

As a permissionless protocol, authenticating to funkybit is performed simply by signing a message with an ECDSA key pair. Both EVM and Bitcoin signatures (either legacy or bip322) are supported, albeit with slightly different message formats.

To authenticate to the REST API, send a Authorization: Bearer <AUTH-TOKEN>HTTP header.

To authenticate to the Websocket API, use wss://api.funkybit.fun/connect?auth=<AUTH-TOKEN>as the websocket connection URL.

Given an ECDSA key pair and the associated EVM address or Bitcoin address in either P2SH (1-of-1 multisig), P2PKH, P2SH-P2WPKH, P2WPKH or P2TR format, define this sign-in message:

const signInMessage = {
    message: '[funkybit] Please sign this message to verify your ownership of this wallet address. This action will not cost any gas fees.',
    address: `${address.toLowerCase()}`,
    chainId: chainId,
    timestamp: new Date().toISOString()
}

EVM Signature

Sign the following EIP-712 message (any valid chain id can be used):

{
  domain: {
    name: 'funkybit',
    chainId: chainId
  },
  types: {
    EIP712Domain: [
      { name: 'name', type: 'string' },
      { name: 'chainId', type: 'uint32' }
    ],
    'Sign In': [
      { name: 'message', type: 'string' },
      { name: 'address', type: 'string' },
      { name: 'chainId', type: 'uint32' },
      { name: 'timestamp', type: 'string' }
    ]
  },
  message: signInMessage,
  primaryType: 'Sign In'
}

Bitcoin Signature

Define this message:

const message = `${signInMessage.message}\nAddress: ${address}, Timestamp: ${new Date().toISOString()}`

For a P2SH, P2PKH, or P2SH-P2WPKH format address, sign this message as a legacy Bitcoin message signature. For P2WPKH or P2TR, sign this message using BIP-322.

Auth Token

Now construct the auth token as:

const authToken = `${signInMessageBody}.${signature}`

where signInMessageBody is simply signInMessage converted to a JSON string and base64url-encoded.