Feature overview
This section explains Signature V2, Onramper's request signing system for Widget and API integrations. Signatures ensure that sensitive data — like wallet addresses and amounts — cannot be altered or tampered with in transit.
Why we do this
When your application passes a wallet address to Onramper, an attacker who can modify the request could redirect funds to their own wallet. A signature acts as a tamper-proof seal: Onramper verifies it on every request, and any modified request is rejected.
What's new in V2
Signature V2 replaces the V1 shared-secret (HMAC-SHA256) approach with Ed25519 asymmetric signatures:
| Feature | V1 (HMAC-SHA256) | V2 (Ed25519) |
|---|---|---|
| Key type | Shared secret | Asymmetric key pair |
| Replay protection | None built-in | Nonce + timestamp |
| Key rotation | Requires coordination | Grace period support |
| Secret exposure risk | Both parties hold the secret | Only you hold the private key |
How it works
- You generate an Ed25519 key pair. The private key never leaves your servers.
- You send the public key to Onramper during onboarding.
- You sign Widget URLs and API requests with your private key.
- Onramper verifies each signature against your registered public key.
Every signed request includes a timestamp and a nonce (a random UUID), making each request single-use and valid for a maximum of 15 minutes — so intercepted requests can't be replayed.
V1 will be deprecated. All new integrations must use V2. Existing partners should migrate — see Migrating from V1 to V2.

