When a web application is connected to Phantom, it can also request that the user signs a given message. Applications are free to write their own messages which will be displayed to users from within Phantom's signature prompt. Message signatures do not involve network fees and are a convenient way for apps to verify ownership of an address.
In order to send a message for the user to sign, a web application must:
- Provide a hex or UTF-8 encoded string as a Uint8Array.
- Request that the encoded message is signed via the user's Phantom wallet.
The `handleSignMessage` section of our developer sandbox provides an example of signing a message.
{% hint style="info" %} For more information on how to verify the signature of a message, please refer to tweetnacl-js. {% endhint %}
{% tabs %} {% tab title="signMessage()" %}
```javascript
const provider = getProvider(); // see "Detecting the Provider"
const message = `To avoid digital dognappers, sign below to authenticate with CryptoCorgis`;
const encodedMessage = new TextEncoder().encode(message);
const signedMessage = await provider.signMessage(encodedMessage, "utf8");
```
{% endtab %}
{% tab title="request()" %}
```javascript
const provider = getProvider(); // see "Detecting the Provider"
const message = `To avoid digital dognappers, sign below to authenticate with CryptoCorgis`;
const encodedMessage = new TextEncoder().encode(message);
const signedMessage = await provider.request({
  method: "signMessage",
  params: {
    message: encodedMessage,
    display: "hex",
  },
});
```
{% endtab %} {% endtabs %}
Applications that rely on `signMessage` for authenticating users can choose to opt in to one of the various Sign In With (SIW) standards. You can read more about them here.
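
For apps that use `signMessage` to verify ownership of an address, the following is an added example (not Phantom's code) of the server-side check, using Node's built-in `crypto` module for the Ed25519 verification instead of tweetnacl-js. The message format, `DOMAIN`, the in-memory nonce store and all function names are hypothetical; it assumes the client sends the server the signed bytes, the 64-byte signature and the wallet's raw 32-byte public key.

```javascript
const nodeCrypto = require("node:crypto");

const DOMAIN = "app.example.test"; // hypothetical app origin
const pendingNonces = new Set();    // in-memory store, for illustration only

// Issue the exact text the wallet will be asked to sign (constructed format).
// The one-time nonce keeps a captured signature from being replayed.
function issueChallenge() {
  const nonce = nodeCrypto.randomBytes(16).toString("hex");
  pendingNonces.add(nonce);
  return { nonce, message: `Sign in to ${DOMAIN}\nNonce: ${nonce}` };
}

// Wrap a raw 32-byte Ed25519 public key in a KeyObject via its JWK form.
function toKeyObject(publicKeyBytes) {
  const x = Buffer.from(publicKeyBytes).toString("base64url");
  return nodeCrypto.createPublicKey({ key: { kty: "OKP", crv: "Ed25519", x }, format: "jwk" });
}

// True only if the nonce is outstanding and the signature covers the exact
// challenge text. The nonce is consumed on every attempt, pass or fail.
function verifySignIn(nonce, signedBytes, signature, publicKeyBytes) {
  if (!pendingNonces.delete(nonce)) return false; // unknown or already used
  if (signature.length !== 64 || publicKeyBytes.length !== 32) return false;
  const expected = Buffer.from(`Sign in to ${DOMAIN}\nNonce: ${nonce}`, "utf8");
  if (!expected.equals(Buffer.from(signedBytes))) return false; // text was altered
  return nodeCrypto.verify(null, expected, toKeyObject(publicKeyBytes), Buffer.from(signature));
}

// Constructed stand-in for the wallet: a throwaway Ed25519 key pair.
function demoWallet() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const publicKeyBytes = Buffer.from(publicKey.export({ format: "jwk" }).x, "base64url");
  return {
    publicKeyBytes,
    signMessage: (bytes) => nodeCrypto.sign(null, Buffer.from(bytes), privateKey),
  };
}
```
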