ERC-8128: Signed HTTP Requests with Ethereum.
A signature-based authentication standard that cryptographically binds identity and intent to every request.
The missing primitive to securely verify humans, machines, and AI agents on the web, built on Ethereum.
Traditional authentication relies on issuing credentials: API keys, JWTs, session tokens. It requires a login step and issuing secrets that must be stored and protected — if they leak, your account is compromised.
ERC-8128 flips this model. Instead of shared secrets, the client signs each request with an Ethereum account, while the server verifies it without issuing anything. Authentication becomes stateless for clients, lighter for servers, and provides a first-class mechanism for agents and backend systems to perform scoped, expiring actions across any service.
And since it’s built on RFC 9421 (HTTP Message Signatures), it integrates directly with existing web infrastructure.
The key innovation: the client controls the security posture of each request, not the server.
Signatures can bind tightly to a specific request or loosely to a class of requests, with or without replay protection — a spectrum from maximum security to maximum performance, chosen on a per-request basis.
Servers must accept the strongest guarantees — non-replayable + request-bound — so clients are never forced to weaken their security unless they choose to.
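A sketch of how a server could read the posture a client chose from an RFC 9421 `Signature-Input` value and apply the rule above. This is an added example, not code from the thread or the ERC-8128 library. The component set that counts as "request-bound", the route flags `allowClassBound` / `allowReplayable`, and the sample values are assumptions, and signature verification itself is out of scope.

```javascript
// Added example, not ERC-8128 library code. It reads posture only; it does not verify signatures.
// Assumption: "request-bound" means all of these derived components are covered.
const REQUEST_BOUND = ["@method", "@authority", "@path", "@query"];

// Parse one Signature-Input member: label=("c1" "c2");param=value;...
// Simplified: no component parameters, no ';' inside quoted values.
function parseSignatureInput(value) {
  const m = /^([a-z*][a-z0-9_.*-]*)=\(([^)]*)\)(.*)$/.exec(value.trim());
  if (!m) throw new Error("malformed Signature-Input");
  const components = m[2].trim().split(/\s+/).filter(Boolean).map((c) => c.replace(/^"|"$/g, ""));
  const params = {};
  for (const part of m[3].split(";").map((p) => p.trim()).filter(Boolean)) {
    const eq = part.indexOf("=");
    if (eq < 1) throw new Error("malformed parameter");
    const raw = part.slice(eq + 1);
    params[part.slice(0, eq)] = raw.startsWith('"') ? raw.slice(1, -1) : Number(raw);
  }
  return { components, params };
}

// Describe what the client chose to bind, and whether the signature is single-use.
function classify(value, { hasBody, now }) {
  const { components, params } = parseSignatureInput(value);
  const needed = hasBody ? [...REQUEST_BOUND, "content-digest"] : REQUEST_BOUND;
  const { created, expires, nonce, keyid } = params;
  return {
    requestBound: needed.every((c) => components.includes(c)),
    nonReplayable: typeof nonce === "string" && nonce.length > 0,
    fresh: Number.isFinite(created) && Number.isFinite(expires) && created <= now && now < expires,
    nonceKey: `${keyid}:${nonce}`, // nonces are tracked per signer
  };
}

// Strongest posture is always accepted; weaker ones only where the route opts in.
function accept(posture, route, seenNonces) {
  if (!posture.fresh) return "reject: outside validity window";
  if (!posture.requestBound && !route.allowClassBound) return "reject: class-bound not allowed";
  if (!posture.nonReplayable) return route.allowReplayable ? "accept" : "reject: replayable not allowed";
  if (seenNonces.has(posture.nonceKey)) return "reject: nonce replayed";
  seenNonces.add(posture.nonceKey);
  return "accept";
}

// Constructed sample values; the keyid is a placeholder, not a real account.
const STRONG = 'eth=("@method" "@authority" "@path" "@query" "content-digest");created=1700000000;expires=1700000060;nonce="b3f1c2";keyid="0xPLACEHOLDER"';
const LOOSE = 'eth=("@authority");created=1700000000;expires=1700000060;keyid="0xPLACEHOLDER"';
```

In a real deployment the nonce set would need an eviction policy tied to `expires`, so it does not grow without bound.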
ERC-8128 is part of a bigger vision for Ethereum identity on the web.
Because Ethereum accounts carry persistent onchain state, services can directly verify eligibility and accept payment using the same cryptographic identity, without having to log in. This enables APIs to be open by default, aligning with the original vision of a permissionless internet.
Machine-to-machine communication is growing fast. Combined with ERC-8004, AI agents can authenticate, gain trusted access to services, and interact seamlessly on the internet.
And this goes beyond Ethereum. Our goal is to advance this model into a web standard — because this is how authentication should work everywhere.
Ready to try it? Start today with our open-source library and docs — sign and verify requests in a few lines of code.
▷ library: github.com/slice-so/erc81…
▷ docs: erc8128.slice.so
▷ spec: github.com/ethereum/ERCs/…
▷ site: erc8128.org
We want your feedback — and if you're building agents or are interested in integrating it into your APIs, we want to talk. Drop a comment, or join the Telegram.
Let's make the web better with Ethereum.
