Ethereum Identity
for the Web
ERC-8128 lets Ethereum accounts authenticate HTTP requests across the web.
No logins, no secret keys, no friction.
Sign
The client signs the request — URL, body, expiry, nonce — choosing the security posture.
Send
The signed request is sent with the client's Ethereum address and signature.
Verify
The server verifies the signature binds to the request, and authenticates the client.
Client-Controlled Security
Unlike traditional authentication, the signer chooses what to sign (method, path, body, headers) and the security profile for each request.
Signature-Based Auth
Bearer tokens and sessions are replaced with cryptographic proofs. That means no secrets to store, rotate or leak.
Request Integrity
Each signature is cryptographically bound to the HTTP request. Any tampering causes verification to fail.
Universal Identity
ERC-8128 turns Ethereum accounts into web-native credentials — no login required to use any compliant service.
PLAYGROUND
SIGN AND VERIFY AN HTTP REQUEST WITH YOUR ETHEREUM WALLET
1. Connect a wallet and configure the request parameters
2. Sign the request and view the verification result
3. Enable auto-signing to use an app wallet without popups
4. Optional: call DELETE without one or more components to view the ERC-8128 error response
> COMPOSE REQUEST
> SIGNATURE COMPONENTS
> SERVER STORAGE BACKEND
> SIGNATURE BASE PREVIEW
"@authority": erc8128.org "@method": POST "@path": /verify "mode": eoa "content-digest": sha-256=:[calculating...]: "nonce": 6d5584aa08c74217 "@signature-params": ("@authority" "@method" "@path" "mode" "content-digest");created=1777506705;expires=1777506765;nonce="6d5584aa08c74217";keyid="erc8128:1:0x..."RFC 9421
> SIGNED HEADERS
Sign the request to generate headers.
> VERIFICATION RESULT
Not sent yet.
Open APIs
Serve authenticated requests from anyone with an Ethereum account. Lower the barrier to entry without compromising security.
AI Agents
Agents authenticate to APIs and each other with wallet-based credentials. Pair with ERC-8004 to verify reputation and permissions onchain.
Onchain Commerce
Authenticate buyers with the same wallet that pays onchain. Unified identity from browse to checkout, tamper-proof by design.
Security-Critical Endpoints
Ideal for services where compromise isn't an option. Every request requires a non-replayable proof tied to the sender.
Secure by Design
Traditional authentication places the policy on the server. ERC-8128 flips the model: the client defines the security posture of every request.
Request Binding
How tightly a signature is bound to a request.
Replay Protection
Whether a signature can be validly reused.
Any compliant verifier accepts Request-Bound + Non-Replayable requests. Clients are never forced to weaken their security guarantees unless they choose to.
Built on widely adopted web and Ethereum standards.
// Create a client and sign requests
import { createSignerClient } from '@slicekit/erc8128'
import { privateKeyToAccount } from 'viem/accounts'
const account = privateKeyToAccount('0x...')
const signer = {
chainId: 1,
address: account.address,
signMessage: (msg) => account.signMessage({ message: { raw: msg } }),
})
const signerClient = createSignerClient(signer)
const response = await signerClient.fetch(
'https://api.example.com/orders', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ amount: '100' }),
}) // Verify incoming signed requests
import { createVerifierClient } from '@slicekit/erc8128'
import { createPublicClient, http } from 'viem'
import { mainnet } from 'viem/chains'
import { nonceStore } from './nonceStore'
const publicClient = createPublicClient({
chain: mainnet,
transport: http(),
})
const verifier = createVerifierClient(publicClient.verifyMessage, nonceStore)
const result = await verifier.verifyRequest(request)
if (result.ok) {
console.log(`Authenticated: ${result.address}`)
} $bun add @slicekit/erc8128 ERC-8128 implementation in Typescript with full test coverage.
Library reference and spec overview for signing and verifying requests.
Join the core team and developers building with ERC-8128.
Participate in standard development and protocol-level discussion.