Introducing ERC-8128 → Read announcement

Ethereum Identity
for the Web

ERC-8128 lets Ethereum accounts authenticate HTTP requests across the web.

No logins, no secret keys, no friction.

Request Lifecycle
POST /api/resource content-digest: sha-256=X48E9... @authority: api.example.com

Sign

The client signs the request — URL, body, expiry, nonce — choosing the security posture.

Send

The signed request is sent with the client's Ethereum address and signature.

0x0000…0000 slice.eth

Verify

The server verifies the signature binds to the request, and authenticates the client.

Features

Client-Controlled Security

Unlike traditional authentication, the signer chooses what to sign (method, path, body, headers) and the security profile for each request.

Signature-Based Auth

Bearer tokens and sessions are replaced with cryptographic proofs. That means no secrets to store, rotate or leak.

Request Integrity

Each signature is cryptographically bound to the HTTP request. Any tampering causes verification to fail.

Universal Identity

ERC-8128 turns Ethereum accounts into web-native credentials — no login required to use any compliant service.

PLAYGROUND

SIGN AND VERIFY AN HTTP REQUEST WITH YOUR ETHEREUM WALLET

1. Connect a wallet and configure the request parameters

2. Sign the request and view the verification result

3. Enable auto-signing to use an app wallet without popups

4. Optional: call DELETE without one or more components to view the ERC-8128 error response

> COMPOSE REQUEST

> SIGNATURE COMPONENTS

> SERVER STORAGE BACKEND

> SIGNATURE BASE PREVIEW

"@authority": erc8128.org
"@method": POST
"@path": /verify
"mode": eoa
"content-digest": sha-256=:[calculating...]:
"nonce": 6d5584aa08c74217
"@signature-params": ("@authority" "@method" "@path" "mode" "content-digest");created=1777506705;expires=1777506765;nonce="6d5584aa08c74217";keyid="erc8128:1:0x..."
RFC 9421

> SIGNED HEADERS

Sign the request to generate headers.

> VERIFICATION RESULT

Not sent yet.
Use Cases

Open APIs

Serve authenticated requests from anyone with an Ethereum account. Lower the barrier to entry without compromising security.

AI Agents

Agents authenticate to APIs and each other with wallet-based credentials. Pair with ERC-8004 to verify reputation and permissions onchain.

Onchain Commerce

Authenticate buyers with the same wallet that pays onchain. Unified identity from browse to checkout, tamper-proof by design.

Security-Critical Endpoints

Ideal for services where compromise isn't an option. Every request requires a non-replayable proof tied to the sender.

Secure by Design

Traditional authentication places the policy on the server. ERC-8128 flips the model: the client defines the security posture of every request.

Axis 1

Request Binding

How tightly a signature is bound to a request.

Request-Bound — authorizes exactly one HTTP request. Any change to method, path, query, or body fails verification.
Class-Bound — authorizes a class of requests by selecting which components to sign. Fine-grained control, like scoped bearer tokens.
Axis 2

Replay Protection

Whether a signature can be validly reused.

Non-Replayable — includes a nonce. Verifiers enforce uniqueness. Guarantees single-use authorization.
Replayable — may be reused within a specified validity window. Useful for high-frequency, idempotent operations.

Any compliant verifier accepts Request-Bound + Non-Replayable requests. Clients are never forced to weaken their security guarantees unless they choose to.

REQUEST-BOUND CLASS-BOUND NON-REPLAYABLE REPLAYABLE Baseline Always accepted Confidential operations Idempotent reads Administrative bulk ops Scoped writes Public data feeds High-frequency APIs Polling endpoints
Best Performance
Best Security

Built on widely adopted web and Ethereum standards.

RFC 9421 HTTP Signatures
ERC-191 Signed Messages
ERC-1271 Smart Accounts
Quick Start
// Create a client and sign requests
import { createSignerClient } from '@slicekit/erc8128'
import { privateKeyToAccount } from 'viem/accounts'

const account = privateKeyToAccount('0x...')
const signer = {
  chainId: 1,
  address: account.address,
  signMessage: (msg) => account.signMessage({ message: { raw: msg } }),
})

const signerClient = createSignerClient(signer)

const response = await signerClient.fetch(
  'https://api.example.com/orders', {
method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ amount: '100' }), })
// Verify incoming signed requests
import { createVerifierClient } from '@slicekit/erc8128'
import { createPublicClient, http } from 'viem'
import { mainnet } from 'viem/chains'
import { nonceStore } from './nonceStore'

const publicClient = createPublicClient({
chain: mainnet, transport: http(), }) const verifier = createVerifierClient(publicClient.verifyMessage, nonceStore) const result = await verifier.verifyRequest(request) if (result.ok) {
console.log(`Authenticated: ${result.address}`) }
$bun add @slicekit/erc8128

Integrate today

Sign your first request and verify it in 5 minutes.

LIBRARY
Open Source Library

ERC-8128 implementation in Typescript with full test coverage.

GUIDES & REFERENCES
Documentation

Library reference and spec overview for signing and verifying requests.

COMMUNITY
Telegram Group

Join the core team and developers building with ERC-8128.

DISCUSSION
Ethereum Magicians

Participate in standard development and protocol-level discussion.

Copied!