Skip to main content
The CoinFello API uses Sign-In with Ethereum (EIP-4361) for authentication. You must complete the SIWE flow to obtain a session cookie before calling the A2A endpoint. Unauthenticated requests return a 401 error.

Flow overview

1

Request a nonce

Fetch a one-time nonce from the server tied to your wallet address.
2

Construct and sign the SIWE message

Build an EIP-4361 message using the nonce, then sign it with your wallet.
3

Verify the signature

Submit the signed message to the server. On success, you receive a session cookie valid for subsequent requests.

Step 1: Request a nonce

curl -c cookies.txt -X POST https://app.coinfello.com/api/auth/siwe/nonce \
  -H "Content-Type: application/json" \
  -d '{
    "walletAddress": "0xYourWalletAddress",
    "chainId": 1
  }'
Response 
{
  "nonce": "abc123xyz"
}
The -c cookies.txt flag saves the session cookie jar for use in subsequent requests.

Step 2: Construct and sign the SIWE message

Build an EIP-4361 message using the nonce. The message format is: 
app.coinfello.com wants you to sign in with your Ethereum account:
0xYourWalletAddress

URI: https://app.coinfello.com
Version: 1
Chain ID: 1
Nonce: abc123xyz
Issued At: 2024-01-01T00:00:00.000Z
Sign this message with your wallet to produce a signature. Most wallet libraries (viem, ethers.js, wagmi) expose a signMessage method for this.
The exact string you sign must match what you submit in step 3. Use a SIWE library (e.g., viem/siwe) to construct and parse the message consistently.

Step 3: Verify the signature

Submit the signed message and signature to authenticate. Include -b cookies.txt to send the cookie from step 1 and -c cookies.txt to save the updated session cookie. 
curl -b cookies.txt -c cookies.txt -X POST https://app.coinfello.com/api/auth/siwe/verify \
  -H "Content-Type: application/json" \
  -d '{
    "message": "app.coinfello.com wants you to sign in with your Ethereum account:\n0xYourWalletAddress\n\nURI: https://app.coinfello.com\nVersion: 1\nChain ID: 1\nNonce: abc123xyz\nIssued At: 2024-01-01T00:00:00.000Z",
    "signature": "0xYourSignature",
    "walletAddress": "0xYourWalletAddress",
    "chainId": 1
  }'
On success the server sets an authenticated session cookie. Pass this cookie with all subsequent A2A requests.

Making authenticated requests

Use the saved cookie jar with every API call: 
curl -b cookies.txt -X POST https://app.coinfello.com/api/a2a \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "message/send",
    "params": {
      "message": {
        "role": "user",
        "parts": [{ "type": "text", "text": "What are the best yields for ETH right now?" }]
      }
    }
  }'