Wallet Auth - Longshot Docs

curl --request POST \
  --url https://api.longshot.xyz/v1/auth/wallet \
  --header 'Content-Type: application/json' \
  --data '{
  "address": "0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1",
  "message": "Sign in to longshot.xyz\n\nAddress: 0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1\nTimestamp: 1735430000000",
  "signature": "base64-encoded-ecdsa-signature"
}'

{
  "session_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "address": "0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1",
  "user_id": "8d3f6b4a-a79a-4b4d-8e38-64c2d8f7b9a1",
  "expires_at": 1735516400
}

curl --request POST \
  --url https://api.longshot.xyz/v1/auth/wallet \
  --header 'Content-Type: application/json' \
  --data '{
  "address": "0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1",
  "message": "Sign in to longshot.xyz\n\nAddress: 0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1\nTimestamp: 1735430000000",
  "signature": "base64-encoded-ecdsa-signature"
}'

{
  "session_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "address": "0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1",
  "user_id": "8d3f6b4a-a79a-4b4d-8e38-64c2d8f7b9a1",
  "expires_at": 1735516400
}

curl --request POST \
  --url https://api.longshot.xyz/v1/auth/wallet \
  --header 'Content-Type: application/json' \
  --data '{
  "address": "0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1",
  "message": "Sign in to longshot.xyz\n\nAddress: 0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1\nTimestamp: 1735430000000",
  "signature": "base64-encoded-ecdsa-signature"
}'

{
  "session_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "address": "0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1",
  "user_id": "8d3f6b4a-a79a-4b4d-8e38-64c2d8f7b9a1",
  "expires_at": 1735516400
}

Endpoint

POSThttps://api.longshot.xyz/v1/auth/wallet

POST https://api.longshot.xyz/v1/auth/wallet
Content-Type: application/json

Creates a Longshot bearer session from a direct wallet signature.

Body Parameters

address

string

required

EVM wallet address in hex form. The request body accepts this value with or without the 0x prefix.

message

string

required

Plain-text sign-in message. It must exactly match:

Sign in to longshot.xyz

Address: {checksum_address}
Timestamp: {unix_millis}

signature

string

required

Base64-encoded 65-byte ECDSA signature over message.

Runnable Examples

# pip install eth-account
import base64
import json
import os
import time
import urllib.request

from eth_account import Account
from eth_account.messages import encode_defunct


BASE_URL = "https://api.longshot.xyz"
PRIVATE_KEY = os.environ["LONGSHOT_WALLET_PRIVATE_KEY"]


def post_json(path: str, body: dict) -> dict:
    req = urllib.request.Request(
        BASE_URL + path,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"content-type": "application/json", "accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=15) as res:
        return json.loads(res.read())


account = Account.from_key(PRIVATE_KEY)
timestamp_ms = int(time.time() * 1000)
message = (
    f"Sign in to longshot.xyz\n\n"
    f"Address: {account.address}\n"
    f"Timestamp: {timestamp_ms}"
)
signed = Account.sign_message(encode_defunct(text=message), PRIVATE_KEY)

session = post_json("/v1/auth/wallet", {
    "address": account.address,
    "message": message,
    "signature": base64.b64encode(signed.signature).decode(),
})

print(session["session_token"])

Response Fields

session_token

string

Bearer token for authenticated RFQ, portfolio, balance, and preference routes.

address

string

Authenticated wallet address.

user_id

string

Longshot user identifier for the wallet, encoded as a UUID string.

expires_at

int64

Session expiry as Unix seconds.

Overview Privy Session Auth

​Endpoint

​Body Parameters

​Runnable Examples

​Response Fields

Endpoint

Body Parameters

Runnable Examples

Response Fields