Skip to main content

POST /auth/register-pubkey

Binds a session public key to a merchant address. The session key is the signing identity for every authenticated call — see Authentication.

Request

POST /auth/register-pubkey
{
  "ownerAddress": "0xMerchant…",
  "publicKey": "0x04abc…",
  "signature": "0xWalletSig…"
}
FieldTypeNotes
ownerAddressstringThe merchant's wallet address.
publicKeystringUncompressed SEC1 secp256k1 pubkey (0x04…, 65 bytes). The public half of the session key your client will sign with.
signaturestringEIP-191 signature by ownerAddress over the raw publicKey string. Proves the merchant authorized this key.

The wallet signature ensures only the owner of ownerAddress can register a key against it. Use whatever signing UX your merchant wallet supports — MetaMask personal_sign, TronLink signMessageV2, or any eth_personalSign-compatible call.

Response

200 OK

{
  "registered": true,
  "ownerAddress": "0xMerchant…",
  "publicKey": "0x04abc…",
  "expiresAt": 1738169820
}

expiresAt is the unix timestamp when the registration stops being honored. Re-register before that window closes to keep the key live; re-registering the same pubkey is a refresh and preserves the per-key replay nonce.

Limits

A merchant may have multiple session keys registered at once (handy for rotating keys without downtime). Operators set a per-owner cap; once reached, registering a new key returns 409 Conflict until you deregister an existing one.

Example

import { Wallet } from 'ethers';

// 1. Generate the session key (the private half stays on your server / device).
const sessionKey = Wallet.createRandom();
const publicKey  = sessionKey.signingKey.publicKey;     // "0x04…" SEC1 hex

// 2. Have the merchant wallet sign the pubkey hex string.
const ownerWallet = /* MetaMask / TronLink / similar */;
const signature   = await ownerWallet.signMessage(publicKey);

// 3. Register.
await fetch('https://api.feemaker.io/auth/register-pubkey', {
  method: 'POST',
  headers: { 'content-type': 'application/json' },
  body: JSON.stringify({
    ownerAddress: ownerWallet.address,
    publicKey,
    signature,
  }),
});