App Keys

In order to reduce operational actions by spender account and ability to delegate operational tasks to other people it is possible to create operations app keys which can do operations for owner account.

To make signature please use web3 library

Example on Javascript

// use current unix timestamp for the salt. 
// Do not warry this is not Ethereum Transaction. Your funds are safe. Verify
const body = { salt: moment.utc().unix() }
const message = JSON.stringify(body) 
const web3 = new Web3()
const signature = web3.eth.accounts.sign(message, PRIVATE_KEY).signature

// add signature field into body
request = { ...body, signature }
// use this request for addNewAppKey, removeAppKey, ....

FYI: Simple javascript example - explanation how server verifies it

if(msg.salt == null) throw
if isKnown(request.signature) throw

signature = request.signature
delete request.signature

const msg = JSON.stringify(request)
const owner = getOwner(msg, signature)
//make the actions from extracted owner

• POST /addNewAppKey { signature, salt, appKeyAddress } → 200 OK

  • Generate private key and address. Use the address as appKeyAddress
  • This APP Key should be created by wallet deployer once. All other operations could be done by created APP key for wallet owner

• POST /removeAppKey { signature, salt, appKeyAddress } → 200 OK

  This operation can be done by wallet deployer

• POST /getAppKeys { ownerAddress } → [{ … }]

  List all your APP keys. 10 App keys is limit