Authentication
This endpoint requires OAuth app credentials (client ID and client secret). The credentials are passed in the request body.
Request Body
Your OAuth app’s client ID
Your OAuth app’s client secret
The UUID of the identity that should sign the payload
The message/data to be signed. Maximum 10,000 characters.
Optional metadata to attach to the signature request for your own reference
How long the request is valid for, in seconds. Minimum: 60, Maximum: 3600 (1 hour), Default: 300 (5 minutes)
Response
Unique identifier for this signature request. Use this to poll for status.
ISO 8601 timestamp when this request expires
The public key for the identity that will be used to verify the signature
Code Example
import { createSignatureRequest } from "ave-sdk";
const config = {
clientId: "your_client_id",
clientSecret: "your_client_secret",
issuer: "https://aveid.net", // optional
};
// Create a signature request
const request = await createSignatureRequest(config, {
identityId: "user-identity-uuid",
payload: "Sign this message to authenticate",
metadata: { action: "login", timestamp: Date.now() },
expiresInSeconds: 300, // 5 minutes
});
console.log("Request ID:", request.requestId);
console.log("Public Key:", request.publicKey);
console.log("Expires at:", request.expiresAt);
Workflow
- Call this endpoint to create a signature request
- Redirect the user to Ave to sign:
https://aveid.net/sign?requestId={requestId}
- Poll the status endpoint to check if the user has signed
- Once signed, verify the signature using the verify endpoint
Error Responses
Error message describing what went wrong
Common Errors
401 Unauthorized - Invalid client_id or client_secret404 Not Found - Identity not found400 Bad Request - Identity does not have a signing key400 Bad Request - Payload exceeds maximum length (10KB)