We follow EIP-1271 to verify signatures and use EIP-712 to present the messages used for signing.
There are 3 message types:
- Register(address key, string message, uint64 nonce) (key is wallet address)
- Withdraw(address sender, address token, uint128 amount, uint64 nonce) (token is USDC contract address from chain config
- Order(address sender, uint128 size, uint128 price, uint64 nonce, uint8 productIndex, uint8 orderSide)
Nonce should be the current timestamp in nanoseconds in all messages and unique across all requests.
APIs that require signing messages.
- POST /users/register
- POST /orders
- POST /transfers/withdraw
To sign the messages, you can follow the script here
To sign register messages using Safe smart contract, you can follow the script here