# Sign Message API ## Introduction The `personal_sign` method is used to sign a given message with the private key of a specified Ethereum address. This is a way to prove that the sender has control over the private key of the address, without revealing the key itself. It is widely used for authentication and message verification purposes. To sign a message a user / an account would need to have to have been register and authenticated by going through [register-using-api](https://docs.0xpass.io/authentication/passkeys/registration/register-using-api "mention") flow. Once you have registered the user, you can choose one of the below 2 flows ## **Session-Based Authentication** ### Request Spec Follow the [authenticating-with-api](https://docs.0xpass.io/authentication/passkeys/authentication/authenticating-with-api "mention") flow to obtain the session and then do the following HTTP request [**Headers**](https://docs.0xpass.io/wallet-operations/passkeys-signer/sign-message/broken-reference)**:** * X-Encrypted-Session: Session information for maintaining state or continuity. * X-Encrypted-Key: Encrypted key for secure processing of the request. * X-Encrypted-User: User details encrypted using encryption key **Body:** * Params: an array containing below items: * A string containing the message to sign, encoded in hexadecimal and prefixed with 0x. * A string representing the Ethereum address to sign the message with, prefixed with 0x. ### Response Spec * Result: A string representing the hexadecimal signature of the message. ### Request Example ```http POST / HTTP/1.1 Host: tiramisu.0xpass.io Content-Type: application/json X-Encrypted-Session: eJjdnfdknf... X-Encrypted-Key: jp6t2GVOvzltN+4VGc21ZKPIbLjEvitE34cFYDvVNrcmF2ukcKMTO8R/F0wbonGZM0NZBg2X94FvirH6Hi2U1zFlXN5srkOdvQL3lVNZ86gbfEtJFPOEAeZkxtTOKOsH4ZXPtUbFOjT2Niblo8njOKibOoAMRKIhtsNTTvRXjHRxnNqVs3QcSe7XbO1DbH/pdRgq+YZN13znlSRsupu4G/h/KBEZr98wXFo8PeDV9F8ZV56F90GqQ3wKzFUBwC9rJihGz0omH+eJA0jB/K7BYt30fhWDnqaLNP2eb1mbIjBCmv6sXqu2jtghr3ejl0YwjP9lCO+aVD7bophfb/IyKg== X-Encrypted-User: JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg== { "jsonrpc": "2.0", "id": 2, "method": "personal_sign", "params": [ "0x7468697320697320612074657374206d657373616765", "0x00" ] } ``` ### Response Example **Success Response:** ```json { "jsonrpc": "2.0", "result": "0x66cc515557fc5b7a53de5ea02e6cd248f1500b1a1107e118c59739b35f1c696e48f89564f74dbd17883477b8f43b3e0454f20464071796c7d1363d5821aae7351b", "id": 2 } ``` **Error Response:** ```json { "jsonrpc": "2.0", "error": { "code": -32603, "message": "Internal JSON-RPC error." }, "id": 2 } ``` ## **Direct Passkey Authentication** ### Request Spec In order to use this approach, you must sign your User Input json using Passkey to obtain a signature. [**Headers**](https://docs.0xpass.io/wallet-operations/passkeys-signer/sign-message/broken-reference) * X-Encrypted-Key: Encrypted key for secure processing of the request. * X-Encrypted-Webauthn-Signature: Webauthn signature encrypted using encryption key * X-Encrypted-User: User details encrypted using encryption key **Body:** * Params: an array containing below items: * A string containing the message to sign, encoded in hexadecimal and prefixed with 0x. * A string representing the Ethereum address to sign the message with, prefixed with 0x. ### Response Spec * Result: A string representing the hexadecimal signature of the message. ### Request Example ```http POST / HTTP/1.1 Host: tiramisu.0xpass.io Content-Type: application/json X-Encrypted-Webauthn-Signature: eJjdnfdknf... X-Encrypted-Key: jp6t2GVOvzltN+4VGc21ZKPIbLjEvitE34cFYDvVNrcmF2ukcKMTO8R/F0wbonGZM0NZBg2X94FvirH6Hi2U1zFlXN5srkOdvQL3lVNZ86gbfEtJFPOEAeZkxtTOKOsH4ZXPtUbFOjT2Niblo8njOKibOoAMRKIhtsNTTvRXjHRxnNqVs3QcSe7XbO1DbH/pdRgq+YZN13znlSRsupu4G/h/KBEZr98wXFo8PeDV9F8ZV56F90GqQ3wKzFUBwC9rJihGz0omH+eJA0jB/K7BYt30fhWDnqaLNP2eb1mbIjBCmv6sXqu2jtghr3ejl0YwjP9lCO+aVD7bophfb/IyKg== X-Encrypted-User: JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg== { "jsonrpc": "2.0", "id": 2, "method": "personal_sign", "params": [ "0x7468697320697320612074657374206d657373616765", "0x00" ] } ``` ### Response Example **Success Response:** ```json { "jsonrpc": "2.0", "result": "0x66cc515557fc5b7a53de5ea02e6cd248f1500b1a1107e118c59739b35f1c696e48f89564f74dbd17883477b8f43b3e0454f20464071796c7d1363d5821aae7351b", "id": 2 } ``` **Error Response:** ```json { "jsonrpc": "2.0", "error": { "code": -32603, "message": "Internal JSON-RPC error." }, "id": 2 } ```