CheckoutPayment Security & Risk ManagementCheckout Security

Wallet-Signed Authentication (Advanced)

Require customers who connect with a Solana or EVM wallet to sign a message before viewing saved cards and bank accounts.

This page is for advanced / cryptocurrency-native companies. If that’s not you, head back to the Quickstart for the standard flows.

What Is Wallet-Signed Authentication

Advanced: this applies only to integrations where your customers authenticate with a Solana or EVM wallet. If your customers connect Coinflow with a Solana or EVM wallet, you can require them to sign a message with that wallet before viewing their saved cards and bank accounts. This prevents anyone who knows the wallet address from viewing linked payment methods.

Implementation

Coinflow uses wallet message signing authentication to validate that a particular user owns the wallet associated with their account. In order to enable this in your integration you will need to implement the signMessage function in your wallet.

📘 Please upgrade to @coinflowlabs/react > v3 and @coinflowlabs/react-native > v2

Solana

1<CoinflowPurchase
2  ...
3  wallet={{
4    ...
5    signMessage: (message: UInt8Array) => Promise<UInt8Array>;
6  }}
7 />

EVM

1import { useSignMessage } from "wagmi";
2
3const {signMessageAsync} = useSignMessage();
4
5const signMessage = useCallback(
6  async (message: string) => {
7    // It is not necessary to use wagmi you can use any custom logic to generate a valid signature for the address
8    return await signMessageAsync({ message });
9  },
10  [signMessageAsync]
11);
12
13<CoinflowPurchase
14  ...
15  wallet={{
16    ...
17    signMessage,
18  }}
19 />

Enable Strong Authentication on Merchant Settings

Once you have message signing integrated for your application you can head to your settings page and enable strong authentication for your account.

🚧 Enabling this without implementing signMessage from above will break all withdraws and not allow checkout customers to view their saved cards.