When protocol clients want to make authenticated HTTPS requests, they can leverage the standard signed fetch mechanism.
A signed fetch is a request that includes an authentication chain, represented through headers. Servers with Decentraland-compatible APIs can validate identities before, for example, allowing requests from scenes or creating adapters.
The information the server needs to validate the authentication chain is relayed in 3+ headers:
timestamp field included in the signed payload (see below).
metadata field included in the signed payload (see below).
X-Identity-AuthChain-<index>: the JSON-serialized authentication step <index>, starting from
The transmitted chain is validated by the server as specified.
The request body is unspecified. Services have full flexibility to use any protocols or formats they like.
The authentication chain payload for a signed fetch is a lower-case, colon-separated string that includes some of the request elements:
path fields must match those of the request, and timestamp is the same as in the
The last field, metadata, can have arbitrary content.
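
A server-side pre-check for the headers and payload described above, as an added example (not Decentraland's own code). It assumes a method:path:timestamp:metadata field order, X-Identity-Timestamp and X-Identity-Metadata header names, a `payload` property on each chain step, and a 60-second freshness window; validating the chain's signatures is left to the server's auth-chain validator.

```javascript
// Added example, not Decentraland's code. Assumed: field order
// method:path:timestamp:metadata, the two x-identity-* header names below,
// a `payload` property on each chain step, and the freshness window.
const MAX_SKEW_MS = 60000;

function collectAuthChain(headers) {
  const chain = [];
  for (let i = 0; ; i++) {
    const raw = headers[`x-identity-authchain-${i}`];
    if (raw === undefined) break;
    chain.push(JSON.parse(raw)); // throws on a malformed step
  }
  return chain;
}

function expectedPayload(method, path, timestamp, metadata) {
  return [method, path, timestamp, metadata].join(":").toLowerCase();
}

function precheckSignedFetch(req, now = Date.now()) {
  const fail = (reason) => ({ ok: false, reason });
  const headers = Object.fromEntries(
    Object.entries(req.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const timestamp = headers["x-identity-timestamp"];
  const metadata = headers["x-identity-metadata"];
  if (timestamp === undefined || metadata === undefined) return fail("missing header");
  if (!/^\d+$/.test(timestamp)) return fail("bad timestamp");
  if (Math.abs(now - Number(timestamp)) > MAX_SKEW_MS) return fail("stale timestamp");
  let chain;
  try { chain = collectAuthChain(headers); } catch (e) { return fail("malformed chain step"); }
  if (chain.length === 0) return fail("empty chain");
  const last = chain[chain.length - 1];
  const want = expectedPayload(req.method, req.path, timestamp, metadata);
  if (!last || last.payload !== want) return fail("payload mismatch");
  return { ok: true, chain }; // signatures in the chain still need validating
}

// Constructed sample request; signature values are placeholders.
const NOW = 1700000000000;
const META = '{"origin":"example"}';
const sampleRequest = {
  method: "POST", path: "/Adapters",
  headers: {
    "X-Identity-Timestamp": String(NOW),
    "X-Identity-Metadata": META,
    "X-Identity-AuthChain-0": JSON.stringify({ payload: "0xsigner", signature: "" }),
    "X-Identity-AuthChain-1": JSON.stringify({
      payload: `post:/adapters:${NOW}:${META}`, signature: "<placeholder>" }),
  },
};
console.log(precheckSignedFetch(sampleRequest, NOW).ok);
```

Rebuilding the payload from the request the server actually received, rather than trusting the payload the client sent, is what binds the signature to this method, path and timestamp and lets the freshness check limit replay.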