Quick Start

Learn to sign and verify HTTP requests with ERC-8128 in 5 minutes.

1. Install

Add @slicekit/erc8128 to your project:

bun

bun add @slicekit/erc8128

2. Sign a Request

Create a signer from an Ethereum account, wrap it in a client, and use client.fetch to sign and send requests.

main.ts

import { client } from './client'
 
const response = await client.fetch(
  'https://api.example.com/orders',
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ side: 'buy', amount: '1.5' }),
  }
)

The signed request has these headers added:

Signature-Input — Components and parameters
Signature — Ethereum signature
Content-Digest — SHA-256 hash of body

3. Verify Request

On the server, use createVerifierClient to bind a nonce store and a message verification function. The result contains the authenticated address and chain ID.

verify.ts

import { verifier } from './client'
 
const result = await verifier.verifyRequest({ request: request })
 
if (result.ok) {
  console.log(`Authenticated: ${result.address} on chain ${result.chainId}`)
} else {
  console.log(`Failed: ${result.reason}`)
}

What Just Happened?

Client signed the request — The signature covers @authority, @method, @path, @query, and content-digest. Any tampering fails verification.
Automatic nonce — By default, a unique nonce is generated for replay protection.
Server verified — The server reconstructed the signature base, verified the Ethereum signature, and checked the nonce wasn't reused.

Defaults

Setting	Default	Meaning
`binding`	`"request-bound"`	Sign all applicable components
`replay`	`"non-replayable"`	Include auto-generated nonce
`ttlSeconds`	`60`	Signature valid for 1 minute
`label`	`"eth"`	Signature label in headers

Next Steps

Concepts Overview — Understand request binding and replay protection
Signing Requests — Full guide with all options
Verifying Requests — Production verification setup
Smart Contract Accounts — Using ERC-1271 signers