Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
verifyRequest – ERC-8128
Skip to content

verifyRequest

Verify an ERC-8128 signed HTTP request.

Usage

Pass an argument object with request, verifyMessage, nonceStore, and optional policy/setHeaders. The function returns a VerifyResult indicating success or failure.

import { verifyRequest } from '@slicekit/erc8128'
 
// Simple: request + required dependencies + policy
const result = await verifyRequest({
  request,
  verifyMessage,
  nonceStore,
  policy: {
  maxValiditySec: 300,
  },
})
 
if (result.ok) {
  console.log(`Authenticated: ${result.address} on chain ${result.chainId}`)
} else {
  console.log(`Failed: ${result.reason}`)
}

Returns

VerifyResult

An object indicating success or failure:

if (result.ok) {
  // Success — access verified data
  result.address   // Ethereum address
  result.chainId   // Chain ID
  result.label     // Signature label
  result.components // Signed components
  result.replayable // true if nonce-less
  result.binding   // "request-bound" or "class-bound"
} else {
  // Failure — check reason
  result.reason    // VerifyFailReason
  result.detail    // Optional detail message
}

Parameters

verifyRequest({
  request: Request,
  verifyMessage: VerifyMessageFn,
  nonceStore: NonceStore,
  policy?: VerifyPolicy,
  setHeaders?: (name: string, value: string) => void
): Promise<VerifyResult>

request

  • Type: Request

The Request to verify.

verifyMessage

Signature verification function (e.g. viem-compatible).

nonceStore

Replay protection store for non-replayable requests.

policy (optional)

Verification policy with rules for validation. Signatures are verified in the order they appear in Signature-Input after filtering to ERC-8128 keyIds and allowed policies. Use maxSignatureVerifications to cap how many candidates are tried (default: 3). If replayable: true, you must provide either replayableNotBefore or replayableInvalidated.

setHeaders (optional)

  • Type: (name: string, value: string) => void

Callback to set response headers. When provided, verifyRequest sets Accept-Signature with the required components for each supported policy.

Examples

These examples show strict, relaxed, and custom-component verification policies.

Strict Policy
const result = await verifyRequest({
  request,
  verifyMessage,
  nonceStore,
  policy: {
  label: 'eth',
  strictLabel: true,
  replayable: false,
  maxValiditySec: 60,
  maxNonceWindowSec: 60,
  clockSkewSec: 5,
  },
})