webx403-server
Advanced tools
WebX403 Server SDK - Secure, stateless web3 authentication middleware for Node.js applications
Express & Fastify middleware for WebX403 wallet authentication. Easily protect your API routes with Solana wallet–based signatures.
npm install webx403-server
import express from 'express';
import { createWebX403, inMemoryLRU } from 'webx403-server';
const app = express();
// Create WebX403 instance
const webx = createWebX403({
issuer: 'my-api',
audience: 'https://api.example.com',
replayStore: inMemoryLRU(), // Prevent replay attacks
});
// Apply middleware
app.use(webx.middleware());
// Protected route
app.get('/protected', (req, res) => {
const user = (req as any).webx403User;
res.json({ message: '✅ Authenticated', wallet: user.address });
});
app.listen(3000, () => {
console.log('🚀 Server running at http://localhost:3000');
});
import Fastify from 'fastify';
import { createWebX403, inMemoryLRU } from 'webx403-server';
const fastify = Fastify();
const webx = createWebX403({
issuer: 'my-api',
audience: 'https://api.example.com',
replayStore: inMemoryLRU(),
});
// Add authentication hook
fastify.addHook('onRequest', webx.fastifyHook());
// Protected endpoint
fastify.get('/protected', async (req, reply) => {
const user = (req as any).webx403User;
return { message: '✅ Authenticated', wallet: user.address };
});
fastify.listen({ port: 3000 });
| Option | Type | Description |
|---|---|---|
| issuer | string | Identifier for your API (e.g. "my-api") |
| audience | string | Expected audience or domain of your API |
| ttlSeconds | number (optional) | Challenge time-to-live (default: 60) |
| bindMethodPath | boolean (optional) | Require binding to HTTP method + path |
| originBinding | boolean (optional) | Require origin header validation |
| replayStore | ReplayStore (optional) | Used to detect and block replayed requests |
| tokenGate | (address: string) => Promise<boolean> (optional) | Async check for wallet-based access (e.g. NFT ownership) |
import { inMemoryLRU, redisStore } from 'webx403-server';
inMemoryLRU(); // simple in-memory cache
redisStore(); // distributed cache via Redis (recommended for production)
interface WebX403Config {
issuer: string;
audience: string;
ttlSeconds?: number;
bindMethodPath?: boolean;
originBinding?: boolean;
replayStore?: ReplayStore;
tokenGate?: (address: string) => Promise<boolean>;
}
Middleware injects the authenticated user into the request:
interface WebX403User {
address: string; // Solana wallet address
challenge: object; // Challenge payload
}
Access it via:
(req as any).webx403User
replayStore for replay protectionbindMethodPath for method-level signingFAQs
WebX403 Server SDK - Secure, stateless web3 authentication middleware for Node.js applications
We found that webx403-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.