API Authentication
All Sigma Engine API endpoints require JWT authentication obtained via wallet signature verification.
Authentication Flow
1. Request Nonce
POST /api/wallet-auth/nonce
Body:
{ "wallet_address": "0x..." }
Returns a unique nonce for the wallet to sign.
2. Authenticate
POST /api/wallet-auth/authenticate
Body:
{ "wallet_address": "0x...", "signature": "0x..." }
Returns a JWT token and user profile. Include the token in all subsequent requests:
Authorization: Bearer eyJ...
3. Refresh Token
POST /api/wallet-auth/refresh
Tokens expire after 24 hours. Submit the expired token to receive a new one.
4. Accept Terms
POST /api/wallet-auth/accept-terms
Required on first login before accessing any trading features.
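The flow above driven from a client, as an added example that is not part of the Sigma Engine documentation. The `send` and `sign` callables, the `nonce` and `token` reply keys, and passing the expired token to the refresh endpoint in the `Authorization` header are assumptions; the page does not specify them.

```python
import json
import time

TOKEN_LIFETIME_S = 24 * 60 * 60  # the page states tokens expire after 24 hours

class WalletAuthSession:
    """Runs nonce -> sign -> authenticate, then refreshes the token on expiry.

    Assumptions: send(path, headers, body) POSTs JSON and returns the decoded
    reply; replies carry "nonce" and "token" keys; refresh takes the expired
    token in the Authorization header. sign(nonce) is the wallet's signer.
    """

    def __init__(self, wallet_address, sign, send, clock=time.time):
        self.wallet_address, self._sign, self._send = wallet_address, sign, send
        self._clock, self._token, self._issued_at = clock, None, 0.0

    def _post(self, path, body=None):
        headers = {"Content-Type": "application/json"}
        if self._token:
            headers["Authorization"] = "Bearer " + self._token
        return self._send(path, headers, json.dumps(body or {}))

    def _store(self, token):
        self._token, self._issued_at = token, self._clock()

    def login(self, accept_terms=False):
        self._token = None  # never send a stale token on the login calls
        who = {"wallet_address": self.wallet_address}
        nonce = self._post("/api/wallet-auth/nonce", who)["nonce"]  # step 1
        reply = self._post("/api/wallet-auth/authenticate",
                           dict(who, signature=self._sign(nonce)))  # step 2
        self._store(reply["token"])
        if accept_terms:  # step 4: required on first login only
            self._post("/api/wallet-auth/accept-terms")

    def auth_headers(self):
        if self._token is None:
            self.login()
        elif self._clock() - self._issued_at >= TOKEN_LIFETIME_S:  # step 3
            self._store(self._post("/api/wallet-auth/refresh")["token"])
        return {"Authorization": "Bearer " + self._token}

if __name__ == "__main__":
    # Constructed stand-in for the server, so the flow runs offline.
    canned = {"nonce": {"nonce": "n-1"}, "authenticate": {"token": "tok-1"}}
    fake = lambda path, headers, body: canned.get(path.rsplit("/", 1)[-1], {})
    session = WalletAuthSession("0xabc", lambda n: "sig:" + n, fake)
    print(session.auth_headers())
```

Expiry is tracked from the local issue time, so a client whose clock differs from the server's should still be prepared for a rejected token.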
User Profile
| Endpoint | Method | Description |
|---|---|---|
| /api/wallet-auth/me | GET | Get current user profile |
| /api/wallet-auth/settings | PUT | Update user profile settings |
| /api/wallet-auth/trading-modes | GET | List available trading modes |
Rate Limits
All endpoints are rate-limited. Exceeding limits will result in temporary throttling. Repeated abuse may result in access revocation.