Auth API in moralis

Hello all,

I am trying out to use Auth API(https://docs.moralis.io/moralis-dapp/users/auth-api) in my web app.

I would like to know where to get “X-API-Key” on moralis admin dashboard

You can get that form web3api interface, it is the same api key that you use for web3api requests

Also, make sure to change the dates in that request when you try it.

1 Like


It keeps responding the following error code.

statusCode 400
name “NotFoundException”
message “Cannot POST /challenge”

try it directly in this interface until you learn how to make it work:
https://authapi.moralis.io/api-docs/#/challenge/requestChallengeEvm

Thanks a lot @cryptokid :pray:

@cryptokid

When I change https://authapi.moralis.io/challenge to https://authapi.moralis.io/challenge/request/evm, it works.But in docs https://authapi.moralis.io/challenge is described.

1 Like
try {
            // Auth Challenge
            const challengeRequest = await fetch("https://authapi.moralis.io/challenge/request/evm", {
                    method: 'POST',
                    headers: {
                        'accept': 'application/json',
                        'X-API-Key': MY_API_KEY,
                        'Content-Type': 'application/json'
                    },
                    body: JSON.stringify({
                        "domain": "admin.moralis.io",
                        "chainId": 80001,
                        "address": "0xC63778B4A9C8E1A6751df3468Eb6DDA79e91061f",
                        "statement": "Please confirm",
                        "uri": "https://admin.moralis.io/",
                        "expirationTime": "2023-01-01T00:00:00.000Z",
                        "notBefore": "2023-01-01T00:00:00.000Z",
                        "resources": [
                            "https://docs.moralis.io/"
                        ],
                        "timeout": 15
                    })
                });
                
            const challengeResult = await challengeRequest.json();
            const message = challengeResult.message;

            const provider = new ethers.providers.Web3Provider(window.ethereum);
            await provider.send("eth_requestAccounts", []);
            const signer = provider.getSigner();
            const signature = await signer.signMessage(message);

            // const verifier = await verifyApi(message, signature);
            // Verify Challenge
           // https://authapi.moralis.io/challenge/complete does not work.

            const verifyyRequest = await fetch("https://authapi.moralis.io/challenge/verify/evm", {
                method: 'POST',
                headers: {
                    'accept': 'application/json',
                    'X-API-Key': MY_API_KEY,
                    'Content-Type': 'application/json'
                },
                body: JSON.stringify({message, signature })
            });

            const verifier = await verifyyRequest.json();
            console.log("verifier", verifier);

        } catch (error) {
            console.log("verifier error: ", error);
        }

Using this code, I tried to verify by signing message (tried using also online message signer).Same result on this interface as well(https://authapi.moralis.io/api-docs/#/challenge/verifyChallengeEvm).It always yields this error.

message: "Invalid Signature"
name: "BadRequestException"​
statusCode: 400

It is not going to work before 2023 based on this field

1 Like

https://authapi.moralis.io/challenge/complete
should be changed to https://authapi.moralis.io/challenge/verify/evm in docs

Thanks @cryptokid Really appreciated. everything is working properly.

3 Likes