# Sign Message API ## Introduction The `personal_sign` method is used to sign a given message with the private key of a specified Ethereum address. This is a way to prove that the sender has control over the private key of the address, without revealing the key itself. It is widely used for authentication and message verification purposes. To sign a message a user / an account would need to have to have been register and authenticated by going through [Register using API](/authentication/passkeys/registration/register-using-api.md) flow. Once you have registered the user, you can choose one of the below 2 flows ## **Session-Based Authentication** ### Request Spec Follow the [Authenticating with API](/authentication/passkeys/authentication/authenticating-with-api.md) flow to obtain the session and then do the following HTTP request [**Headers**](broken://pages/6Ip1xrKh5rkgidowSGll)**:** * X-Encrypted-Session: Session information for maintaining state or continuity. * X-Encrypted-Key: Encrypted key for secure processing of the request. * X-Encrypted-User: User details encrypted using encryption key **Body:** * Params: an array containing below items: * A string containing the message to sign, encoded in hexadecimal and prefixed with 0x. * A string representing the Ethereum address to sign the message with, prefixed with 0x. ### Response Spec * Result: A string representing the hexadecimal signature of the message. ### Request Example ```http POST / HTTP/1.1 Host: tiramisu.0xpass.io Content-Type: application/json X-Encrypted-Session: eJjdnfdknf... X-Encrypted-Key: jp6t2GVOvzltN+4VGc21ZKPIbLjEvitE34cFYDvVNrcmF2ukcKMTO8R/F0wbonGZM0NZBg2X94FvirH6Hi2U1zFlXN5srkOdvQL3lVNZ86gbfEtJFPOEAeZkxtTOKOsH4ZXPtUbFOjT2Niblo8njOKibOoAMRKIhtsNTTvRXjHRxnNqVs3QcSe7XbO1DbH/pdRgq+YZN13znlSRsupu4G/h/KBEZr98wXFo8PeDV9F8ZV56F90GqQ3wKzFUBwC9rJihGz0omH+eJA0jB/K7BYt30fhWDnqaLNP2eb1mbIjBCmv6sXqu2jtghr3ejl0YwjP9lCO+aVD7bophfb/IyKg== X-Encrypted-User: JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg== { "jsonrpc": "2.0", "id": 2, "method": "personal_sign", "params": [ "0x7468697320697320612074657374206d657373616765", "0x00" ] } ``` ### Response Example **Success Response:** ```json { "jsonrpc": "2.0", "result": "0x66cc515557fc5b7a53de5ea02e6cd248f1500b1a1107e118c59739b35f1c696e48f89564f74dbd17883477b8f43b3e0454f20464071796c7d1363d5821aae7351b", "id": 2 } ``` **Error Response:** ```json { "jsonrpc": "2.0", "error": { "code": -32603, "message": "Internal JSON-RPC error." }, "id": 2 } ``` ## **Direct Passkey Authentication** ### Request Spec In order to use this approach, you must sign your User Input json using Passkey to obtain a signature. [**Headers**](broken://pages/6Ip1xrKh5rkgidowSGll) * X-Encrypted-Key: Encrypted key for secure processing of the request. * X-Encrypted-Webauthn-Signature: Webauthn signature encrypted using encryption key * X-Encrypted-User: User details encrypted using encryption key **Body:** * Params: an array containing below items: * A string containing the message to sign, encoded in hexadecimal and prefixed with 0x. * A string representing the Ethereum address to sign the message with, prefixed with 0x. ### Response Spec * Result: A string representing the hexadecimal signature of the message. ### Request Example ```http POST / HTTP/1.1 Host: tiramisu.0xpass.io Content-Type: application/json X-Encrypted-Webauthn-Signature: eJjdnfdknf... X-Encrypted-Key: jp6t2GVOvzltN+4VGc21ZKPIbLjEvitE34cFYDvVNrcmF2ukcKMTO8R/F0wbonGZM0NZBg2X94FvirH6Hi2U1zFlXN5srkOdvQL3lVNZ86gbfEtJFPOEAeZkxtTOKOsH4ZXPtUbFOjT2Niblo8njOKibOoAMRKIhtsNTTvRXjHRxnNqVs3QcSe7XbO1DbH/pdRgq+YZN13znlSRsupu4G/h/KBEZr98wXFo8PeDV9F8ZV56F90GqQ3wKzFUBwC9rJihGz0omH+eJA0jB/K7BYt30fhWDnqaLNP2eb1mbIjBCmv6sXqu2jtghr3ejl0YwjP9lCO+aVD7bophfb/IyKg== X-Encrypted-User: JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg== { "jsonrpc": "2.0", "id": 2, "method": "personal_sign", "params": [ "0x7468697320697320612074657374206d657373616765", "0x00" ] } ``` ### Response Example **Success Response:** ```json { "jsonrpc": "2.0", "result": "0x66cc515557fc5b7a53de5ea02e6cd248f1500b1a1107e118c59739b35f1c696e48f89564f74dbd17883477b8f43b3e0454f20464071796c7d1363d5821aae7351b", "id": 2 } ``` **Error Response:** ```json { "jsonrpc": "2.0", "error": { "code": -32603, "message": "Internal JSON-RPC error." }, "id": 2 } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.0xpass.io/wallet-operations/passkeys-signer/sign-message/sign-message-api.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.