Skip to main content
If your integration cannot leverage the automatic signing capabilities of Privy’s SDKs, Privy also offers utility functions for formatting and signing requests. You can use these functions to sign requests, even without initializing an instance of the Privy SDK, and then can manually include the returned signature in requests to the Privy API.

Client-side SDKs

There are two ways to sign requests on the client:
  1. Sign a server-formatted binary payload (recommended) — Your server formats the request into canonical bytes using the server SDK, sends the bytes to the client, and the client signs them directly. This gives the server full control over payload construction and allows server-side changes without requiring client SDK updates.
  2. Sign a structured payload — The client constructs the payload locally and signs it. This approach is simpler for prototyping but couples the client to the payload format.
In this approach, your server serializes the API request into canonical bytes using Privy’s server SDK. The client receives these bytes and signs them directly, without needing to understand the payload structure. This is the recommended approach because:
  • Your server has full control over constructing the correct payload
  • Server-side updates to the payload format do not require client SDK changes
  • The client does not need to construct or serialize the payload itself
1

Format the payload on your server

Use the server SDK’s formatRequestForAuthorizationSignature function to serialize the request into bytes. See Formatting requests below for the full reference.
2

Send the binary payload to your client

Send the base64-encoded bytes from your server to the client (e.g., as a JSON response field).
3

Sign the binary payload on the client

Decode the base64 payload and pass the raw bytes to generateAuthorizationSignature.
4

Send the signature to your backend

Return the base64-encoded signature string to your server.
5

Send the request to the Privy API

From your server, include the signature when making the request to the Privy API. You can pass it via the Node SDK’s authorization_context.signatures field, or include it directly as the privy-authorization-signature header.

Signing a structured payload

Alternatively, the client can construct the signature payload locally and sign it directly. The SDK canonicalizes the payload to JSON (RFC 8785) before signing.

1. Construct your signature payload

Given your desired request to the Privy API, build a JSON payload with the following fields. Your application will sign this entire payload to authorize the request to the Privy API. As an example, you might build a payload for an Ethereum personal_sign RPC request like so:

2. Sign your request

Next, use the SDK’s generateAuthorizationSignature method to sign the request. Pass the payload from step (1) as a parameter to this method. The method will sign the request with the current authenticated user’s signing key, and return the base64-encoded signature.

3. Send the request and signature to your backend

Next, make a request from your frontend to your backend including the request you intend to make to the Privy API and the corresponding signature from step (2). Your backend will proxy this request to the Privy API.

4. Send the request to the Privy API

Finally, make your request to the Privy API and include the signature in the privy-authorization-signature header for your request. As an example, in NodeJS, you can make the request like so:

Server-side SDKs

Privy’s server SDKs offer two utilities for signing requests:
  • Formatting requests for authorization signatures. This accepts your desired request to the Privy API and formats it into the required signature payload to be signed.
    • This utility is particularly helpful if your application signs requests via a separate service, e.g. an isolated KMS. Your primary server can format your request and generate the signature payload and call out to your signing service with the payload.
  • Generating authorization signatures. This accepts a formatted signature payload and signs it with your provided signing key.
    • This utility is particularly useful within a specific signing service. Within your signing service, you can import this function and use it to sign requests, and return the signature to your primary service.

Constructing your input

Both the formatting and signing functions of Privy’s SDKs require a JSON input with the following fields:

Formatting requests

Use the SDK’s formatting function to generate your signature payload. As a parameter to this function, pass the JSON object as defined above.
You can then take the returned serialized payload and call out to a signing service to generate a P256 signature over the payload.

Signing requests

To directly produce a signature over a request, use the SDK’s generate authorization signature method. As a parameter to this method, pass the JSON object as defined above.
This will return a base64-encoded signature over the payload you defined. Include this signature as the privy-authorization-signature header when making the request to the Privy API.