HashGuild Dev

Authentication of Users

In order to write e.g. transactions on HashGuild, a user is relevant. It is recommended to query for an account prior creating a transaction with the users endpoint. If however a user is not existing, you can create a user with the HashGuild API. The following explains how.

The Authentication API

Authentication of HashGuild follows strict rules to ensure safety and integrity of data. The signup-flow is programmatically callable via the APIs, a login is only possible on HashGuild for now.

In principal, the signup consists of two steps: Creating an authentication intent and verifying the signed intent. This authentication flow ensures wallet integrity and checks against Hedera directly, after utilizing a wallet for signing the response. Thus, the flow is wallet specific.

GET/v1/auth/intent

Retrieve Auth Intent

Retrieve data to be signed with your wallet in the second step and verify against HashGuild.

Request

GET
/v1/auth/intent
 curl -X https://hashguild.xyz/api/v1/auth/intent \
  -H "Authorization: Bearer {token}"

Response

{
"payload": {
    "url": "https://hashguild.xyz",
    "data": {
        "token": "d7164876ec4647d4deceebaf509c821005926b2404ab28430c09784f8b4b79ce04f0cc5e410e9f7efa47a40869e52c5a2"
    }
},
"signingData": {
    "signature": "tJnN/aoGCGpWzOuSmmsqwyfVlqNk6pMv5caETGbCnOoGG72VhjRtT7R9p97xK7aNdxdkw3TLZYZy8m5UlCQ==",
    "serverSigningAccount": "0.0.3402640"
    }
}
POST/v1/auth/hashpack/signup

Hashpack Signup

After signing the data with hashconnect.authenticate, data is passed to this endpoint to finish the signup process.

Required attributes

  • Name
    hashConnectResponse
    Type
    string
    Description

    The response object returned by hashconnect.authenticate with the uint8 arrays decoded to strings.

  • Name
    accountId
    Type
    string
    Description

    The account ID of the user to signup.

Optional attributes

  • Name
    whitelistToken
    Type
    string
    Description

    An whitelist token, used for tracking referrals, friend invitations or similar. Optional.

Request

POST
/v1/auth/hashpack/signup
 curl -X https://hashguild.xyz/api/v1/auth/hashpack/signup \
  -H "Authorization: Bearer {token}" 
   -d "{
        "hashConnectResponse": "<hashConnectResponse>",
        "accountId": "<accountId>",
   }"

Response

{     
    "code": "action-successful"
}