Login

Bond's authentication mechanism ensures the utmost security, combining both the robustness of blockchain and traditional API key methodologies. Here's a breakdown of the login steps:

Challenge

The process begins with the generation of a challenge from the server. To initiate this:

• Use the API key you've procured from the bond project management platform.

• Request a challenge from our server.

The purpose of this challenge is to later validate your identity with the Ethereum wallet's unique signature.

API Details

query Challenge($request: ChallengeRequest!) {
 challenge(request: $request) {
    text
  }
}

challengeResponse: {
  text: '\n' +
    'ExampleAPP wants you to sign in with your Ethereum account:\n' +
    '0x9965507D1a55bcC2695C58ba16FB37d829B0B4dc\n' +
    '\n' +
    'Sign in with ethereum to bond.network\n' +
    '\n' +
    'Version: 1\n' +
    'Chain ID: 80001\n' +
    'Nonce: T3M1yAHjDEMjCcc4\n' +
    'Issued At: Thu, 27 Apr 2023 16:39:24 GMT\n' +
    ' ',
  __typename: 'AuthChallengeResult'
}

Authenticate

Upon receiving the challenge text from our server:

• Sign this challenge using your Ethereum wallet.

• Forward the resulting signature to our authentication endpoint.

In response, you will receive:

• accessToken: A token granting access for a concise span. It has a 1-hour validity, after which it needs refreshing.

• refreshToken: A more enduring token with a 7-day lifespan. It enables users to remain authenticated over extended periods without frequent challenge signings. When the accessToken expires, use the refreshToken to generate a fresh one, ensuring a seamless experience.