Skip to main content

Authentication

API Key Authentication

Most endpoints require an X-API-Key header:

curl https://crowdproof-api.azurewebsites.net/api/v1/reputation/0x1234... \
  -H "X-API-Key: did_live_abc123..."

API keys are created via the portal or the Billing API.

Protected endpoints (DID updates, credential issuance) require a JWT obtained via SIWE:

POST /api/v1/auth/siwe
Content-Type: application/json

{
  "message": "crowdproof.id wants you to sign in with your Ethereum account...",
  "signature": "0x1234..."
}

Response

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "expiresAt": "2026-03-01T00:00:00Z"
}

Use the token as Authorization: Bearer <token> on subsequent requests.

Validation Rules

Message: max 4KB
Signature: hex format with 0x prefix, max 200 characters

API Key Authentication
Sign-In with Ethereum (SIWE)
- Response
- Validation Rules