StandX Perps Authentication - Solana (SVM) Example
This example demonstrates how to authenticate with the StandX Perps API using a Solana wallet.
Prerequisites
- Node.js environment with TypeScript support
- Solana wallet with private key (base58-encoded)
- Required packages:
npm install @noble/curves @scure/base @solana/web3.js bs58
Complete Implementation
import { ed25519 } from "@noble/curves/ed25519";
import { base58 } from "@scure/base";
import bs58 from "bs58";
import { Keypair } from "@solana/web3.js";
// Types
export type Chain = "bsc" | "solana";
export interface SignedData {
domain: string;
uri: string;
statement: string;
version: string;
chainId: number;
nonce: string;
address: string;
requestId: string;
issuedAt: string;
message: string;
exp: number;
iat: number;
}
export interface LoginResponse {
token: string;
address: string;
alias: string;
chain: string;
perpsAlpha: boolean;
}
export interface RequestSignatureHeaders {
"x-request-sign-version": string;
"x-request-id": string;
"x-request-timestamp": string;
"x-request-signature": string;
}
// Authentication Class
export class StandXAuth {
private ed25519PrivateKey: Uint8Array;
private ed25519PublicKey: Uint8Array;
private requestId: string;
private baseUrl = "https://api.standx.com";
constructor() {
const privateKey = ed25519.utils.randomSecretKey();
this.ed25519PrivateKey = privateKey;
this.ed25519PublicKey = ed25519.getPublicKey(privateKey);
this.requestId = base58.encode(this.ed25519PublicKey);
}
async authenticate(
chain: Chain,
walletAddress: string,
signMessage: (msg: string, payload: SignedData) => Promise<string>
): Promise<LoginResponse> {
const signedDataJwt = await this.prepareSignIn(chain, walletAddress);
const payload = this.parseJwt<SignedData>(signedDataJwt);
const signature = await signMessage(payload.message, payload);
return this.login(chain, signature, signedDataJwt);
}
private async prepareSignIn(chain: Chain, address: string): Promise<string> {
const res = await fetch(
`${this.baseUrl}/v1/offchain/prepare-signin?chain=${chain}`,
{
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ address, requestId: this.requestId }),
}
);
const data = await res.json();
if (!data.success) throw new Error("Failed to prepare sign-in");
return data.signedData;
}
private async login(
chain: Chain,
signature: string,
signedData: string,
expiresSeconds: number = 604800 // default: 7 days
): Promise<LoginResponse> {
const res = await fetch(
`${this.baseUrl}/v1/offchain/login?chain=${chain}`,
{
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ signature, signedData, expiresSeconds }),
}
);
return res.json();
}
signRequest(
payload: string,
requestId: string,
timestamp: number
): RequestSignatureHeaders {
const version = "v1";
const message = `${version},${requestId},${timestamp},${payload}`;
const signature = ed25519.sign(
Buffer.from(message, "utf-8"),
this.ed25519PrivateKey
);
return {
"x-request-sign-version": version,
"x-request-id": requestId,
"x-request-timestamp": timestamp.toString(),
"x-request-signature": Buffer.from(signature).toString("base64"),
};
}
private parseJwt<T>(token: string): T {
const base64Url = token.split(".")[1];
const base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
return JSON.parse(Buffer.from(base64, "base64").toString("utf-8"));
}
}
// Usage Example
async function main() {
// Initialize auth
const auth = new StandXAuth();
// Setup wallet from base58-encoded private key
const privateKey = process.env.SOLANA_PRIVATE_KEY!;
const walletKeypair = Keypair.fromSecretKey(bs58.decode(privateKey));
const walletAddress = walletKeypair.publicKey.toBase58();
// Authenticate
const loginResponse = await auth.authenticate(
"solana",
walletAddress,
async (message, payload) => {
const messageBytes = new TextEncoder().encode(message);
const signatureBytes = ed25519.sign(
messageBytes,
walletKeypair.secretKey.slice(0, 32) // First 32 bytes are the private key
);
// Solana requires a specific signature format
return Buffer.from(
JSON.stringify({
input: payload,
output: {
signedMessage: Array.from(messageBytes),
signature: Array.from(signatureBytes),
account: {
publicKey: Array.from(walletKeypair.publicKey.toBytes()),
},
},
})
).toString("base64");
}
);
console.log("Access Token:", loginResponse.token);
// Sign a request
const payload = JSON.stringify({
symbol: "BTC-USD",
side: "buy",
order_type: "limit",
qty: "0.1",
price: "50000",
time_in_force: "gtc",
reduce_only: false,
});
const headers = auth.signRequest(payload, crypto.randomUUID(), Date.now());
// Make authenticated request
await fetch("https://perps.standx.com/api/new_order", {
method: "POST",
headers: {
"Content-Type": "application/json",
Authorization: `Bearer ${loginResponse.token}`,
...headers,
},
body: payload,
});
}
main().catch(console.error);Key Points
-
Wallet Setup: Uses
@solana/web3.jsKeypair with a base58-encoded private key -
Message Signing: Uses
@noble/curves/ed25519for Ed25519 signing withwalletKeypair.secretKey.slice(0, 32)(first 32 bytes are the private key) -
Signature Format: Solana requires a specific JSON structure containing:
input: The original payload from the serveroutput.signedMessage: The message bytes as an arrayoutput.signature: The signature bytes as an arrayoutput.account.publicKey: The wallet’s public key bytes as an array
This JSON is then base64-encoded before being sent to the server.
Signature Format Explanation
Unlike EVM wallets that return a simple hex signature, Solana authentication requires a structured response:
{
input: payload, // Original SignedData from server
output: {
signedMessage: [...], // Message bytes as number array
signature: [...], // Ed25519 signature bytes as number array
account: {
publicKey: [...] // Wallet public key bytes as number array
}
}
}This format allows the server to verify both the signature and the signing account.
Environment Variables
Create a .env file with:
SOLANA_PRIVATE_KEY=your_base58_encoded_private_key_hereSecurity Note: Never commit private keys to version control. Use environment variables or secure key management solutions.