Skip to main content

Install

Basic usage

Verification only (no spend)

Omit spendAmount (or set it to new BN(0)) to verify the Sigil without recording any spend. Useful for reading endpoints or when you handle billing separately.

Applying to multiple routes

TypeScript: accessing sigilAgent

The middleware attaches the verified agent pubkey to req.sigilAgent. Extend the Request type to avoid casting:
Then in your handlers:

Error responses

The middleware returns 402 Payment Required on any failure. Common rejection reasons:
ReasonWhat to fix
Missing required headersAgent must include all three x-sigil-* headers
Request timestamp is expiredAgent clock is skewed — re-generate headers closer to request time
Signature verification failedAgent is signing with the wrong keypair or wrong message format
Agent Sigil is invalid or lacks capabilityPrincipal needs to issue or update the Sigil
record_spend failedAgent has hit its daily spend limit