As the above table shows, some requests need extra authentication in the request header.
Listed as below:
Request
EDDSA
ECDSA
Approved Hash
X-API-SIG in header
submitTransfer
Y
Optional
Y
EIP712 signed structure
submitOffchainWithdraw
Y
Optional
Y
EIP712 signed structure
updateAccount
Y
Y
Y
EIP712 signed structure
So, If a user wants to do submitTransfer, submitOffchainWithdraw and updateAccount, in addition to the EdDSA signature, you also need to use ECDSA to sign them and put the signature in the request header. Loopring 3.6 uses the EIP712 standard, A user needs to serialize specific fields of a request, say transfer into an EIP712 compatible structure, and then use standard EIP712 hash algorithm to calculate the hash of the structure, and then use personal _sign, to sign the combined string.
The code for EIP712 signing in python is as follows:
The EIP712 structure declarations of each requests types can be found in the Loopring contract, or from our reference code base. Below is the withdrawal request EIP712 structure.
Please NOTE: The final string in request header is a 134 bytes hex string which is constructed as the below code shows:
v, r, s = sig_utils.ecsign(message, self.ecdsaKey) header['X-API-SIG']="0x"+bytes.hex(v_r_s_to_signature(v, r, s))+"02"
It starts with '0x' to indicate hex format and ends with '02' which stands for EIP_712 signature type. Forgetting to add '02' type leads to signature verification failure as the Relay has no hint on the verification method.