> For the complete documentation index, see [llms.txt](https://docs.ur.app/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ur.app/getting-started/api-authentication.md).

# API authentication

UR uses [**Ethereum Personal Sign (EIP-191)**](https://eips.ethereum.org/EIPS/eip-191) for all API authentication. While there are no API keys or OAuth tokens, the concept is fundamentally the same: you register a key with UR, sign your requests with it, and UR verifies the signature on every call.

## Registering and deregistering keys

During onboarding, you generate an ECDSA key pair and register the public address (an Ethereum address) with UR. This is your authentication credential. You can rotate keys by registering a new address and deregistering the old one through your dedicated integration channel.

## Two authentication methods

| Method                                    | Used for                                              | Who signs                          |
| ----------------------------------------- | ----------------------------------------------------- | ---------------------------------- |
| Partner authentication (server-to-server) | UR-OPEN-API and Webhooks                              | Your backend's registered key pair |
| User authentication (wallet-to-server)    | UR-API (sensitive user operations like FX, transfers) | The user's wallet                  |

## How it works

```mermaid
flowchart LR
    A[Generate key pair] --> B[Register public address with UR]
    B --> C[Sign API requests with private key]
    C --> D[UR verifies signature]
    D --> E[Request authenticated]
```

{% hint style="info" %}
For webhook verification, the flow is reversed: UR signs the response body, and your backend verifies the signature against UR's known server address.
{% endhint %}

For the full signing logic, code examples, and environment addresses, see [Signature and Verify](/developer-resources/signature-and-verify.md).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ur.app/getting-started/api-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.