Authenticate using Ethereum wallet signatures. EIP-191 challenge-response, wallet registration, and cryptographic identity for agents and dApps.
Every Ethereum wallet has a unique address and private key. GitHat uses this for authentication: the address is the identity, the signature is the credential. Cryptographically secure by design.
Challenge-response with EIP-191: the nonce prevents replay attacks, the signature proves wallet ownership, and the recovered address must match the registered wallet. Standard Ethereum security.
Two-minute tokens are deliberate. AI agents operate in rapid cycles. Short tokens mean a compromised token expires before it can be misused. Re-authentication is cheap (one signature).
npm install ethers// Wallet authentication with ethers.js v6
import { ethers } from 'ethers';
const wallet = new ethers.Wallet(process.env.PRIVATE_KEY);
// Register (one-time)
await fetch('https://api.githat.io/agent/register', {
method: 'POST',
headers: { 'Content-Type': 'application/json', Authorization: 'Bearer USER_TOKEN' },
body: JSON.stringify({ walletAddress: wallet.address, chainId: 1, name: 'My Agent' })
});
// Authenticate (every 2 minutes)
const { nonce } = await fetch('https://api.githat.io/agent/challenge', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ wallet: wallet.address })
}).then(r => r.json());
const signature = await wallet.signMessage(nonce);
const { access_token } = await fetch('https://api.githat.io/agent/token', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ wallet: wallet.address, signature, nonce })
}).then(r => r.json());Ship authenticated apps in minutes, not weeks.