Authorization

Welcome to the Authorization section of the API documentation. This documentation is designed to guide you through the process of authorizing access to our API endpoints. To access the RE:DREAMER API endpoints, you will need either an API key or a JWT token. The authorization method you use will depend on the endpoint you are accessing.

  • API Key For most endpoints, you can authorize using an API key. To obtain an API key, please contact our support team at contact@redreamer.io.

  • JWT Token For endpoints that require user authorization, such as redeeming an NFT, you will need to provide a JWT token in the request header. To obtain a JWT token, follow the instructions outlined in the Login section below.

It is important to keep your API key and JWT token secure, as they provide access to your account and the RE:DREAMER API. Please do not share your API key or JWT token with unauthorized users.

Login

STEP 1: Get a nonce by given address

To start the authorization process, you need to get a nonce by providing a valid address. This nonce will be used to sign your request in the next step. You can make a GET request to the following endpoint to obtain a nonce:

Get a nonce by given address

GET /api/v1/auth/nonce

Query Parameters

NameTypeDescription

address*

String

The wallet address of the user

network*

String

Unique identifier of the network. Currently only eth is supported.

{
    "nonce": "72452fa3-dbc6-44ae-8108-1dfb7edc1582"
}

cURL command

curl --location 'https://testnet-api.redreamer.io/api/v1/auth/nonce?address=${address}' \
--header 'Accept: application/json'

Example response

{
    "nonce": "72452fa3-dbc6-44ae-8108-1dfb7edc1582"
}

STEP 2: Get the signature

After obtaining the nonce, you need to sign the following message by using the private key of the wallet address which will be used to login.

${address} ${nonce}

Before you can proceed with the following steps, you will need to install the Metamask extension and create a wallet address.

Metamask Playground

You can sign the message without building the UI by using Metamask Playground. Please follow these steps:

  1. Go to Metamask Playground.

  2. Click INSPECTOR button in the bottom right corner.

  3. Copy the JSON below and paste it to playground inspector.

    {
    "jsonrpc": "2.0",
    "method": "eth_requestAccounts"
}

  4. Click Play button to connect to the wallet. This step will trigger a popup if Metamask wallet extension is installed in the web browser.

  5. Select the wallet that will be connected and click Next button.

  6. Click Connect button to connect the wallet.

  7. Copy the JSON below and paste it to playground inspector.

    {
    "jsonrpc": "2.0",
    "method": "personal_sign",
    "params": [
        "${address} ${nonce}",
        "${address}"
    ],
    "id": 0
}

  8. Replace ${address} with the wallet address which will be used for login and replace ${nonce} with the nonce from STEP 1.

  9. Click Play button to sign the message. This step will trigger popup if Metamask wallet extension is installed in the web browser.

  10. Click Sign button in the popup.

  11. In Metamask Playground, see the response payload and get the signature from the result. Example response can be seen below.

    {
  "jsonrpc": "2.0",
  "result": "0xef128476f6e17bc32ead6bddf3daf329c018d03ffc7ebb449c4fc30e36bbb65b20fe38a4303cf718fd1ec1ac675fcea86056d541cd2f88d5bfd2e73e52c2ead21c",
  "id": 0
}

Build your own web app

In order to sign the message with your own UI. You can follow up the steps mentioned in the following tutorials.

  1. Connect Metamask to your web app.

  2. Sign the message with the connected wallet's private key.

For managing multiple wallets, e.g. Metamask, Gnosis, Coinbase wallet, we recommend to use web3-react packages which is developed by Uniswap.

STEP 3: Login to get JWT token

After obtaining the signature from the result of STEP 2, you can make a POST request to the following endpoint to obtain a JWT token.

Login to get JWT

POST /api/v1/auth/login

Request Body

NameTypeDescription

address*

String

The address of the user

signature*

String

Result from signing the message ${address} ${nonce} by using the wallet private key


{
    "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMHg4NWI3Y2ExNjFjMzExZDlhNWYwMDc3ZDUwNDhjYWRmYWNlODlhMjY3IiwiZXhwIjoxNjUwNDMzNzY4LCJpYXQiOjE2NTAzNDczNjgsImlzcyI6InJlZHJlYW1lciIsInNjb3BlcyI6IiJ9.sMMuM0bCJjHs7DedWZd8w-2BWzovuBuCxgZwMW20TIwKSkrkue2T-9ecgW-8_TCsGoleiQa6DSDbQKq3_kQmjA",
    "token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMHg4NWI3Y2ExNjFjMzExZDlhNWYwMDc3ZDUwNDhjYWRmYWNlODlhMjY3IiwiZXhwIjoxNjUwMzUwOTY4LCJpYXQiOjE2NTAzNDczNjgsImlzcyI6InJlZHJlYW1lciIsInNjb3BlcyI6IiJ9.WWjCMbpWkpbzQulgqOQz5JqnC1lTEFG2_CTeFW21A8q7AKeEI_l2_ptqiG7lpcOCmojFW_3Zi3VAimO1k214cw"
}

cURL command

curl --location 'https://testnet-api.redreamer.io/api/v1/auth/login' \
--header 'Accept: application/json' \
--header 'Content-Type: text/plain' \
--data '{
    "address": "${address}",
    "signature": "${signature}"
}'

Example response

{
    "token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMHhmZDM2NGRmMGZkNGE2NTNiNTA5NTVlMGI1NGIyM2I0MTJkOGEyOThlIiwiZXhwIjoxNjc2ODg1ODk4LCJpYXQiOjE2NzY4ODIyOTgsImlzcyI6InJlZHJlYW1lciIsInNjb3BlcyI6ImNvbnNvbGU6cGFzc3BvcnQ6Y2FtcGFpZ246cmVhZCxjb25zb2xlOnBhc3Nwb3J0OmNhbXBhaWduOndyaXRlLGNvbnNvbGU6cGFzc3BvcnQ6cmVwb3J0OnJlYWQsY29uc29sZTpyZWRlZW1jZW50ZXI6Y2FtcGFpZ246cmVhZCxjb25zb2xlOnJlZGVlbWNlbnRlcjpjYW1wYWlnbjp3cml0ZSxjb25zb2xlOnJlZGVlbWNlbnRlcjpyZXBvcnQ6cmVhZCxjb25zb2xlOm1ldGFkYXRhOnJlYWQsY29uc29sZTptZXRhZGF0YTp3cml0ZSxjb25zb2xlOmFwaWtleTpyZWFkLGNvbnNvbGU6YXBpa2V5OndyaXRlLGNvbnNvbGU6cmV2ZXJzZTpyZWFkLGNvbnNvbGU6cmV2ZXJzZTp3cml0ZSJ9.JUmCvcJuxdUx1rljJXV_Y6A-Am4Rha8Aur9KBjFOebbCfdaDkhUiXtpkcdh3IKE7dhBMSouRmkHwKputDccgDw",
    "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMHhmZDM2NGRmMGZkNGE2NTNiNTA5NTVlMGI1NGIyM2I0MTJkOGEyOThlIiwiZXhwIjoxNjc2OTY4Njk4LCJpYXQiOjE2NzY4ODIyOTgsImlzcyI6InJlZHJlYW1lciIsInNjb3BlcyI6ImNvbnNvbGU6cGFzc3BvcnQ6Y2FtcGFpZ246cmVhZCxjb25zb2xlOnBhc3Nwb3J0OmNhbXBhaWduOndyaXRlLGNvbnNvbGU6cGFzc3BvcnQ6cmVwb3J0OnJlYWQsY29uc29sZTpyZWRlZW1jZW50ZXI6Y2FtcGFpZ246cmVhZCxjb25zb2xlOnJlZGVlbWNlbnRlcjpjYW1wYWlnbjp3cml0ZSxjb25zb2xlOnJlZGVlbWNlbnRlcjpyZXBvcnQ6cmVhZCxjb25zb2xlOm1ldGFkYXRhOnJlYWQsY29uc29sZTptZXRhZGF0YTp3cml0ZSxjb25zb2xlOmFwaWtleTpyZWFkLGNvbnNvbGU6YXBpa2V5OndyaXRlLGNvbnNvbGU6cmV2ZXJzZTpyZWFkLGNvbnNvbGU6cmV2ZXJzZTp3cml0ZSJ9.7a1sBY5UNPetRW1hKKDUMu-G6zp9Go9xbL28VE_TlLdyQ12KiNSO2Ry30vJXoCxHRoHSq3ficc6Akc3QVA8CUw"
}

Refresh token

In order to continue using the RE:DREAMER API after the JWT (JSON Web Token) has expired, you must refresh the token.

The JWT is valid for 1 hour and the refresh token is valid for 24 hours.

Refresh token

To refresh the token, send a POST request to the following endpoint:

Refresh JWT

POST /api/v1/auth/refresh

Request Body

NameTypeDescription

refresh_token*

String

The refresh token provided in the previous login step.

{
    "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMHg4NWI3Y2ExNjFjMzExZDlhNWYwMDc3ZDUwNDhjYWRmYWNlODlhMjY3IiwiZXhwIjoxNjUwNDMzNzY4LCJpYXQiOjE2NTAzNDczNjgsImlzcyI6InJlZHJlYW1lciIsInNjb3BlcyI6IiJ9.sMMuM0bCJjHs7DedWZd8w-2BWzovuBuCxgZwMW20TIwKSkrkue2T-9ecgW-8_TCsGoleiQa6DSDbQKq3_kQmjA",
    "token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMHg4NWI3Y2ExNjFjMzExZDlhNWYwMDc3ZDUwNDhjYWRmYWNlODlhMjY3IiwiZXhwIjoxNjUwMzUwOTY4LCJpYXQiOjE2NTAzNDczNjgsImlzcyI6InJlZHJlYW1lciIsInNjb3BlcyI6IiJ9.WWjCMbpWkpbzQulgqOQz5JqnC1lTEFG2_CTeFW21A8q7AKeEI_l2_ptqiG7lpcOCmojFW_3Zi3VAimO1k214cw"
}

If the refresh token is not valid, the API will respond with an error message indicating that the token is invalid or has expired. In this case, you will need to re-authenticate by logging in again.

cURL command

curl --location 'https://testnet-api.redreamer.io/api/v1/auth/refresh' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
    "refresh_token": "${refresh_token}"
}'

Example response

{
    "token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMHhmZDM2NGRmMGZkNGE2NTNiNTA5NTVlMGI1NGIyM2I0MTJkOGEyOThlIiwiZXhwIjoxNjc2ODg2MTU3LCJpYXQiOjE2NzY4ODI1NTcsImlzcyI6InJlZHJlYW1lciIsInNjb3BlcyI6ImNvbnNvbGU6cGFzc3BvcnQ6Y2FtcGFpZ246cmVhZCxjb25zb2xlOnBhc3Nwb3J0OmNhbXBhaWduOndyaXRlLGNvbnNvbGU6cGFzc3BvcnQ6cmVwb3J0OnJlYWQsY29uc29sZTpyZWRlZW1jZW50ZXI6Y2FtcGFpZ246cmVhZCxjb25zb2xlOnJlZGVlbWNlbnRlcjpjYW1wYWlnbjp3cml0ZSxjb25zb2xlOnJlZGVlbWNlbnRlcjpyZXBvcnQ6cmVhZCxjb25zb2xlOm1ldGFkYXRhOnJlYWQsY29uc29sZTptZXRhZGF0YTp3cml0ZSxjb25zb2xlOmFwaWtleTpyZWFkLGNvbnNvbGU6YXBpa2V5OndyaXRlLGNvbnNvbGU6cmV2ZXJzZTpyZWFkLGNvbnNvbGU6cmV2ZXJzZTp3cml0ZSJ9.-2gZ9vUuLJRLhXH7sD37EiemQkgcdX3BmN2VNExiJpM9oAQiYuzOm00AzatjkHSi9alMV7FYq9DmIO8zicTj9A",
    "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMHhmZDM2NGRmMGZkNGE2NTNiNTA5NTVlMGI1NGIyM2I0MTJkOGEyOThlIiwiZXhwIjoxNjc2OTY4OTU3LCJpYXQiOjE2NzY4ODI1NTcsImlzcyI6InJlZHJlYW1lciIsInNjb3BlcyI6ImNvbnNvbGU6cGFzc3BvcnQ6Y2FtcGFpZ246cmVhZCxjb25zb2xlOnBhc3Nwb3J0OmNhbXBhaWduOndyaXRlLGNvbnNvbGU6cGFzc3BvcnQ6cmVwb3J0OnJlYWQsY29uc29sZTpyZWRlZW1jZW50ZXI6Y2FtcGFpZ246cmVhZCxjb25zb2xlOnJlZGVlbWNlbnRlcjpjYW1wYWlnbjp3cml0ZSxjb25zb2xlOnJlZGVlbWNlbnRlcjpyZXBvcnQ6cmVhZCxjb25zb2xlOm1ldGFkYXRhOnJlYWQsY29uc29sZTptZXRhZGF0YTp3cml0ZSxjb25zb2xlOmFwaWtleTpyZWFkLGNvbnNvbGU6YXBpa2V5OndyaXRlLGNvbnNvbGU6cmV2ZXJzZTpyZWFkLGNvbnNvbGU6cmV2ZXJzZTp3cml0ZSJ9.Dlw2lJJUFMQnXlmSM-xvyuKzELBZycb6Y-R2z8XAUS64HIB4oGPZTerBxa613vcCWopwaZOswj_y96ZNsGSo9A"
}
PreviousGeneralNextPASSPORT

Last updated