ERC-8128: Signed HTTP Requests with Ethereum.
A signature-based authentication standard that cryptographically binds identity and intent to every request.
The missing primitive to securely verify humans, machines, and AI agents on the web, built on Ethereum.
A signature-based authentication standard that cryptographically binds identity and intent to every request.
The missing primitive to securely verify humans, machines, and AI agents on the web, built on Ethereum.
Traditional authentication relies on issuing credentials: API keys, JWTs, session tokens. It requires a login step and issuing secrets that must be stored and protected — if they leak, your account is compromised.
ERC-8128 flips this model. Instead of shared secrets, the client signs each request with an Ethereum account, while the server verifies it without issuing anything. Authentication becomes stateless for clients, lighter for servers, and provides a first-class mechanism for agents and backend systems to perform scoped, expiring actions across any service.
And since it’s built on RFC 9421 (HTTP Message Signatures), it integrates directly with existing web infrastructure. erc8128.org
ERC-8128 flips this model. Instead of shared secrets, the client signs each request with an Ethereum account, while the server verifies it without issuing anything. Authentication becomes stateless for clients, lighter for servers, and provides a first-class mechanism for agents and backend systems to perform scoped, expiring actions across any service.
And since it’s built on RFC 9421 (HTTP Message Signatures), it integrates directly with existing web infrastructure. erc8128.org
The key innovation: the client controls the security posture of each request, not the server.
Signatures can bind tightly to a specific request or loosely to a class of requests, with or without replay protection — a spectrum from maximum security to maximum performance, chosen on a per-request basis.
Servers must accept the strongest guarantees — non-replayable + request-bound — so clients are never forced to weaken their security unless they choose to.
Signatures can bind tightly to a specific request or loosely to a class of requests, with or without replay protection — a spectrum from maximum security to maximum performance, chosen on a per-request basis.
Servers must accept the strongest guarantees — non-replayable + request-bound — so clients are never forced to weaken their security unless they choose to.
ERC-8128 is part of a bigger vision for Ethereum identity on the web.
Because Ethereum accounts carry persistent onchain state, services can directly verify eligibility and accept payment using the same cryptographic identity, without having to login. This enables APIs to be open by default, aligning with the original vision of a permissionless internet.
Machine-to-machine communication is growing fast. Combined with ERC-8004, AI agents can authenticate, gain trusted access to services, and interact seamlessly on the internet.
And this goes beyond Ethereum. Our goal is to advance this model into a web standard — because this is how authentication should work everywhere.
Because Ethereum accounts carry persistent onchain state, services can directly verify eligibility and accept payment using the same cryptographic identity, without having to login. This enables APIs to be open by default, aligning with the original vision of a permissionless internet.
Machine-to-machine communication is growing fast. Combined with ERC-8004, AI agents can authenticate, gain trusted access to services, and interact seamlessly on the internet.
And this goes beyond Ethereum. Our goal is to advance this model into a web standard — because this is how authentication should work everywhere.
Ready to try it? Start today with our open-source library and docs — sign and verify requests in a few lines of code.
▷ library: github.com/slice-so/erc81…
▷ docs: erc8128.slice.so
▷ spec: github.com/ethereum/ERCs/…
▷ site: erc8128.org
We want your feedback — and if you're building agents or are interested in integrating it into your APIs, we want to talk. Drop a comment, or join the Telegram.
Let's make the web better with Ethereum.
▷ library: github.com/slice-so/erc81…
▷ docs: erc8128.slice.so
▷ spec: github.com/ethereum/ERCs/…
▷ site: erc8128.org
We want your feedback — and if you're building agents or are interested in integrating it into your APIs, we want to talk. Drop a comment, or join the Telegram.
Let's make the web better with Ethereum.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
