The Server SDK is currently experimental and not ready for production use.

Signing Messages

Message signing is a crucial feature for authentication, proof of ownership, and creating verifiable statements. This guide covers how to sign messages using the Phantom Server SDK.

Overview

The SDK provides a simple interface for signing messages: 
const signature = await sdk.signMessage({
  walletId,      // The wallet to sign with
  message,       // The message to sign (string)
  networkId      // The network context
});
The signature returned is a base64-encoded string that can be verified using the wallet’s public key.

Basic Message Signing

Simple Example

import { ServerSDK, NetworkId } from '@phantom/server-sdk';

async function signAuthMessage(walletId: string) {
  const message = 'Please sign this message to authenticate with our service';

  const signature = await sdk.signMessage({
    walletId,
    message,
    networkId: NetworkId.SOLANA_MAINNET
  });

  console.log('Message:', message);
  console.log('Signature:', signature);
  
  return signature;
}

Network-Specific Signing

Different networks use different signing algorithms: 
// Solana - Ed25519 signatures

const solanaSignature = await sdk.signMessage({
  walletId, 
  message: 'Hello Solana',
  networkId: NetworkId.SOLANA_MAINNET
});

// Ethereum - ECDSA signatures (coming soon)
const ethSignature = await sdk.signMessage({
  walletId,
  message: '0x48656c6c6f20576f726c64', // Hex encoded message
  networkId: NetworkId.ETHEREUM_MAINNET
});

Examples

Timestamped Messages

Sign messages with timestamps for audit trails: 
async function signTimestampedMessage(
  walletId: string,
  action: string,
  data: any
) {
  const timestamp = new Date().toISOString();
  const message = JSON.stringify({
    action,
    data,
    timestamp,
    version: '1.0'
  });


  const signature = await sdk.signMessage({
    walletId,
    message,
    networkId: NetworkId.SOLANA_MAINNET
  });
  
  return {
    message,
    signature,
    timestamp
  };
}

// Example usage
const auditLog = await signTimestampedMessage(
  walletId,
  'TRANSFER_APPROVED',
  { to: recipientAddress, amount: '100 SOL' }
);

Best Practices

  1. Always include unique data in messages to prevent replay attacks (nonce, timestamp)
  2. Store message-signature pairs for audit and verification purposes
  3. Use structured messages (JSON) for complex data that needs signing
  4. Verify signatures server-side before processing any authenticated actions

Next Steps

Disclaimers

The Server SDK is a beta version, and Phantom will not be liable for any losses or damages suffered by you or your end users. Any suggestions, enhancement requests, recommendations, or other feedback provided by you regarding the Server SDK will be the exclusive property of Phantom. By using this beta version and providing feedback, you agree to assign any rights in that feedback to Phantom.