
          # Web Auth API

          If you want to authorize a user in your service by means of their Waves.Exchange account, you can redirect the user to the official Waves.Exchange app (https://waves.exchange) with certain query parameters, including some arbitrary data for the user to sign.

          This may be needed when you work with users' personal data and want to be sure that a given blockchain account belongs to that user.

          # Process

          1. Add a link of the following form to your site:

            https://waves.exchange#gateway/auth?r=https://example.com&n=ServiceName&d=0123456789abc&i=/img/logo.png&s=/wavesAuth
            

            where:

            r=https://example.com - URL of your service.

            n=ServiceName - name of your service.

            d=0123456789abc - data to be signed with the user's private key.

            i=/img/logo.png - path to the logo of your service.

            s=/wavesAuth - path to the method that redirects the user when the signature is successful.

          2. The user opens the link and is redirected to the official Waves.Exchange app to log in.

          3. After logging in, the user grants your site access to the address, and the data is signed with the user's private key.

          4. The user then gets redirected back to your site, along with the signature and user's public key.

          5. You check the validity of the signature against the data you provided to the user.

          6. If everything is correct, the user is now authenticated in your service.

          # Details

          Due to the length limitations of the query string, all parameters are expressed with one character.

          # Request

          Example

          https://waves.exchange#gateway/auth?r=https://example.com&n=ServiceName&d=0123456789abc&i=/img/logo.png&s=/wavesAuth
          

          The base path is https://waves.exchange#gateway/auth, followed by the query parameters.

          # Referrer

          r=https://example.com — the URL of your service. It should be HTTPS-only. (Required)

          # Name

          n=Service%20Name — the name of your service. (Required)

          # Data

          d=randomChars — the data which is signed by the user's private key. (Required)

          # Icon path

          i=/path/to/the/icon.png — a path relative to the Referrer parameter. It hosts the logo of your app. (Optional)

          # Success path

          s=/path/to/an/API/method — a path to the method which redirects the user when the signing is successful. By default, the user is redirected to the referrer root. (Optional)

          # Debug mode

          debug=true — a flag to display error messages. (Optional)

          # Response

          Example

          https://example.com/?s=2w7QKSkxKEUwCVhx2VGrt5YiYVtAdoBZ8KQcxuNjGfN6n4fi1bn7PfPTnmdygZ6d87WhSXF1B9hW2pSmP7HucVbh&p=2M25DqL2W4rGFLCFadgATboS8EPqyWAN3DjH12AH5Kdr&a=3PCAB4sHXgvtu5NPoen6EXR5yaNbvsEA8Fj
          

          # Signature

          s=base58EncodedSignature — a signature of the data which is signed by the user's private key.

          # Public key

          p=base58EncodedPublicKey — user's public key.

          # Address

          a=base58EncodedAddress — user's Waves.Exchange address.

          # How to check signature validity

          The signed data consists of three objects: Prefix string + URL host + Provided Data. The signature is taken from the data in the following order: a WavesWalletAuthentication string, then a string with your host parameter value, then a string with your data parameter value. All strings are converted to length bytes + value bytes, as in Data Transactions. The prefix string and the host are required for security purposes: if a malicious service tries to use transaction data and a signature from the Auth API, they would be useless to broadcast to the blockchain.

          We also suggest validating the address, in case the signature and public key are valid but the address was swapped.

          See code examples in the Waves Keeper API article of the Waves protocol documentation.
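Server-side handling of the response along the lines described above, added here as an example and not taken from the Waves.Exchange documentation or libraries. It assumes a 2-byte big-endian length prefix for each string and 64/32/26-byte signature, public key and address; `verify` and `address_of` are hypothetical caller-supplied functions wrapping the signature check and address derivation of your Waves crypto library.

```python
import secrets
import struct
from urllib.parse import parse_qs, urlsplit

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PREFIX = "WavesWalletAuthentication"  # prefix string named on the page


def new_challenge():
    """Fresh value for the d parameter; keep it in the user's server-side session."""
    return secrets.token_urlsafe(24)


def b58decode(text):
    """Decode Base58; raises ValueError on a character outside the alphabet."""
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")


def with_length(value):
    """Length bytes + value bytes (assumed: 2-byte big-endian length, UTF-8 value)."""
    raw = value.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw


def signed_bytes(host, data):
    """Message the signature covers: prefix string, then host, then data."""
    return with_length(PREFIX) + with_length(host) + with_length(data)


def check_response(callback_url, host, expected_data, verify, address_of):
    """Return the authenticated address bytes, or None if any check fails."""
    query = parse_qs(urlsplit(callback_url).query)
    try:
        sig, pub, addr = (b58decode(query[k][0]) for k in ("s", "p", "a"))
    except (KeyError, ValueError):
        return None
    if (len(sig), len(pub), len(addr)) != (64, 32, 26):  # assumed Waves sizes
        return None
    # host and expected_data come from our own config and session, never from
    # the callback, so a signature made for another service or login attempt fails
    if not verify(pub, signed_bytes(host, expected_data), sig):
        return None
    # a valid signature proves control of pub only; addr must be derived from it
    return addr if address_of(pub) == addr else None
```

The response carries no copy of `d`, so the value passed as `expected_data` has to be the one stored when the link was generated, and it should be discarded after one use.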
