Verify API is a security-focused feature that allows wallets to notify end-users when they may be connecting to a suspicious or malicious domain, helping to prevent phishing attacks across the industry. Once a wallet knows whether an end-user is on uniswap.com or eviluniswap.com, it can help them to detect potentially harmful connections through Verify’s combined offering of Reown’s domain registry. For those looking to enable Verify on the app side, check out our reference guide here.
When a user initiates a connection with an application, Verify API enables wallets to present their users with four key states that can help them determine whether the domain they’re about to connect to might be malicious.
These are:
Verify API is not designed to be bulletproof but to make the impersonation attack harder and require a somewhat sophisticated attacker. We are working on a new standard with various partners to close those gaps and make it bulletproof.
The Verify security system will discriminate session proposals & session requests with distinct validations that can be either VALID
, INVALID
or UNKNOWN
.
verifyContext
included in the request will have a validation of VALID
.verifyContext
included in the request will have a validation of UNKNOWN
.verifyContext
included in the request will have a validation of INVALID
verifyContext
included in the request will contain parameter isScam
with value true
.To check the Verify API validations and whether or not your user is interacting with potentially malicious app, you can do so by accessing the verifyContext
included in the request payload.
For live demo examples of the intended Verify API flows, check out our demo apps:
gear
& selecting the decided Validation before connecting to the walletisScam
parameter set to true
in the verifyContext
of the requestVerify API is a security-focused feature that allows wallets to notify end-users when they may be connecting to a suspicious or malicious domain, helping to prevent phishing attacks across the industry. Once a wallet knows whether an end-user is on uniswap.com or eviluniswap.com, it can help them to detect potentially harmful connections through Verify’s combined offering of Reown’s domain registry. For those looking to enable Verify on the app side, check out our reference guide here.
When a user initiates a connection with an application, Verify API enables wallets to present their users with four key states that can help them determine whether the domain they’re about to connect to might be malicious.
These are:
Verify API is not designed to be bulletproof but to make the impersonation attack harder and require a somewhat sophisticated attacker. We are working on a new standard with various partners to close those gaps and make it bulletproof.
The Verify security system will discriminate session proposals & session requests with distinct validations that can be either VALID
, INVALID
or UNKNOWN
.
verifyContext
included in the request will have a validation of VALID
.verifyContext
included in the request will have a validation of UNKNOWN
.verifyContext
included in the request will have a validation of INVALID
verifyContext
included in the request will contain parameter isScam
with value true
.To check the Verify API validations and whether or not your user is interacting with potentially malicious app, you can do so by accessing the verifyContext
included in the request payload.
For live demo examples of the intended Verify API flows, check out our demo apps:
gear
& selecting the decided Validation before connecting to the walletisScam
parameter set to true
in the verifyContext
of the request