Skip to main content

Action Signing

Current private-beta model

This page keeps the historical /integration/eip712-signing path for link compatibility, but the current private-beta trading action path is not EIP-712 typed data.

Senticore trading actions are authorized by signing a deterministic action payload:

  1. Build the action payload in canonical field order.
  2. Encode it as canonical JSON bytes.
  3. Compute the production v2 hash: blake3("SENTICORE/ACTION_PAYLOAD/v2" || chainId_be_u64 || verifyingContract20 || canonical_bytes).
  4. Sign the 32-byte hash with secp256k1.
  5. Submit { payload, signature } through Trading HTTP or Order Entry.

The backend accepts both:

  • raw ECDSA over the 32-byte action hash, and
  • EIP-191 personal_sign over that 32-byte hash.

Signatures are 65 bytes in EVM order: r || s || v. Recovery byte v may be 0/1 or 27/28.

TypeScript SDK

Use the SDK signing helpers instead of calling POST /actions/hash in the hot path:

import { signAction, type LocalActionPayload } from "@sentico-labs/sdk";

const payload: LocalActionPayload = {
account: "0x1111111111111111111111111111111111111111",
nonce: 4810,
ts: Date.now(),
action: {
kind: "SpotPlaceOrder",
market: 7,
side: "Bid",
price: 998400,
qty: 1000,
timeInForce: "post_only"
}
};

const chainBinding = (await client.orderEntry.getActionChainBinding()).data;
const signedAction = signAction(payload, process.env.SENTICORE_PRIVATE_KEY!, {
chainBinding,
});
await client.trading.submitSignedAction(signedAction, {
idempotencyKey: "client-order-4810"
});

For full canonical encoding rules and golden vectors, see Local Action Signing.

Nonces

Local signing does not reserve or assign a nonce by itself. Clients must either:

  • track the next account nonce locally and recover from structured nonce errors, or
  • call the nonce-reservation endpoint and include the returned nonceReservationId in the payload before signing.

If a payload includes a reservation id without a valid reservation token, the action is rejected.

Delegated API agents

API agents and FIX credentials authorize an integration lane or delegated signer, but they do not remove the action-level authorization requirement. Every mutating order action must still be signed by the account owner or an authorized delegated signer.