# Authentication

> Authenticate with CoinFello using Sign-In with Ethereum (SIWE)

The CoinFello API uses [Sign-In with Ethereum (EIP-4361)](https://eips.ethereum.org/EIPS/eip-4361) for authentication. You must complete the SIWE flow to obtain a session cookie before calling the A2A endpoint. Unauthenticated requests return a `401` error.

## Flow overview

<Steps>
  <Step title="Request a nonce">
    Fetch a one-time nonce from the server tied to your wallet address.
  </Step>

  <Step title="Construct and sign the SIWE message">
    Build an EIP-4361 message using the nonce, then sign it with your wallet.
  </Step>

  <Step title="Verify the signature">
    Submit the signed message to the server. On success, you receive a session cookie valid for subsequent requests.
  </Step>
</Steps>

## Step 1: Request a nonce

```bash
curl -c cookies.txt -X POST https://app.coinfello.com/api/auth/siwe/nonce \
  -H "Content-Type: application/json" \
  -d '{
    "walletAddress": "0xYourWalletAddress",
    "chainId": 1
  }'
```

**Response**

```json
{
  "nonce": "abc123xyz"
}
```

The `-c cookies.txt` flag writes the cookies set by the server to `cookies.txt` so that subsequent requests can send them back.

## Step 2: Construct and sign the SIWE message

Build an [EIP-4361](https://eips.ethereum.org/EIPS/eip-4361) message using the nonce. The message format is:

```
app.coinfello.com wants you to sign in with your Ethereum account:
0xYourWalletAddress

URI: https://app.coinfello.com
Version: 1
Chain ID: 1
Nonce: abc123xyz
Issued At: 2024-01-01T00:00:00.000Z
```

Sign this message with your wallet to produce a signature. Most wallet libraries (viem, ethers.js, wagmi) expose a `signMessage` method for this.

<Note>
  The exact string you sign must match what you submit in step 3. Use a SIWE library (e.g., [`viem/siwe`](https://viem.sh/docs/siwe/utilities/createSiweMessage)) to construct and parse the message consistently.
</Note>

## Step 3: Verify the signature

Submit the signed message and signature to authenticate. Include `-b cookies.txt` to send the cookie from step 1 and `-c cookies.txt` to save the updated session cookie.

```bash
curl -b cookies.txt -c cookies.txt -X POST https://app.coinfello.com/api/auth/siwe/verify \
  -H "Content-Type: application/json" \
  -d '{
    "message": "app.coinfello.com wants you to sign in with your Ethereum account:\n0xYourWalletAddress\n\nURI: https://app.coinfello.com\nVersion: 1\nChain ID: 1\nNonce: abc123xyz\nIssued At: 2024-01-01T00:00:00.000Z",
    "signature": "0xYourSignature",
    "walletAddress": "0xYourWalletAddress",
    "chainId": 1
  }'
```

On success the server sets an authenticated session cookie. Pass this cookie with all subsequent A2A requests.
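The following is an added example, not CoinFello's own code: it builds the step 2 message in the layout shown above, checks that a message is bound to the expected domain, URI, chain, wallet and server-issued nonce before it is handed to a wallet for signing, and serializes the step 3 body from the same string that was signed. The function names and the `EXPECTED` object are hypothetical; signing itself is left to your wallet library's `signMessage`.

```javascript
// Added example; function names are hypothetical, values mirror this page's placeholders.
const EXPECTED = { domain: 'app.coinfello.com', uri: 'https://app.coinfello.com', chainId: 1 };

// Build the message in the exact line layout shown in step 2.
function buildSiweMessage({ domain, address, uri, chainId, nonce, issuedAt }) {
  return [
    `${domain} wants you to sign in with your Ethereum account:`,
    address,
    '',
    `URI: ${uri}`,
    'Version: 1',
    `Chain ID: ${chainId}`,
    `Nonce: ${nonce}`,
    `Issued At: ${issuedAt}`,
  ].join('\n');
}

// Parse a message back into fields so it can be inspected before signing.
function parseSiweMessage(message) {
  const lines = message.split('\n');
  const header = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0] || '');
  if (!header) throw new Error('not a SIWE message');
  const fields = { domain: header[1], address: lines[1] || '' };
  for (const line of lines.slice(2)) {
    const m = /^([A-Za-z ]+): (.*)$/.exec(line);
    if (m) fields[m[1]] = m[2];
  }
  return fields;
}

// Return the fields that do not match expectations; sign only when the list is empty.
function checkBeforeSigning(message, { address, nonce }) {
  const f = parseSiweMessage(message);
  const problems = [];
  if (f.domain !== EXPECTED.domain) problems.push('domain');
  if (f.URI !== EXPECTED.uri) problems.push('uri');
  if (f['Chain ID'] !== String(EXPECTED.chainId)) problems.push('chainId');
  if (f.address.toLowerCase() !== address.toLowerCase()) problems.push('address');
  if (f.Nonce !== nonce) problems.push('nonce');
  return problems;
}

// Step 3 body: serialize the same string that was signed; JSON.stringify escapes the newlines.
function verifyRequestBody(message, signature, address, chainId) {
  return JSON.stringify({ message, signature, walletAddress: address, chainId });
}
```

Pass the output of `verifyRequestBody` to `curl -d` (or your HTTP client) unchanged so the submitted `message` is byte-for-byte the string your wallet signed.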

## Making authenticated requests

Use the saved cookie jar with every API call:

```bash
curl -b cookies.txt -X POST https://app.coinfello.com/api/a2a \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "message/send",
    "params": {
      "message": {
        "role": "user",
        "parts": [{ "type": "text", "text": "What are the best yields for ETH right now?" }]
      }
    }
  }'
```
