# Digital Signature Verification

With Authento, you can easily implement on-chain access control using digital signatures as shown below.

<figure><img src="/files/5mmYgnv1E8M8ayIZju9P" alt=""><figcaption><p>Digital signature verification flow. This assumes the user to have completed Authento KYC previously.</p></figcaption></figure>

## Steps

1. Generate an API key/secret pair from the [Authento Dashboard](https://dashboard.authento.io) under the *Settings* tab
2. \[Backend] Configure the server to handle generation of digital signatures based on user KYC status retrieved using Authento API.
3. \[Smart Contract] Implement on-chain signature verification.
4. \[Frontend] Set up callbacks to execute the appropriate smart contract function when digital signature is successfully fetched from the backend.

## Backend

On the backend, you need to set up an endpoint which handles request for digital signatures needed for on-chain verification. This can be done by:

1. Retrieve the KYC/AML status of the address owner using the Authento API.  To learn more about the Authento API, please go to the [endpoints](/authento-api/api-reference/endpoints.md) section.
2. Determine if the address owner should be allowed access to the smart contract based on the user information retrieved in step 1. If so,  generate and return a digital signature along with other optional parameters such as expire timestamp.

{% hint style="danger" %}
The API response from Authento contains sensitive information and should NOT be directly relayed to the end user.
{% endhint %}

* [Next.js backend example](https://github.com/Authento/usage-examples/blob/main/address-based/on-chain-access-control/src/app/api/signature/route.ts)

## Smart Contract

There are a few things we need to do on the smart contract:

1. implement a \_recoverSigner function which returns the wallet used to create a particular signature.
2. Modify any function which requires access control to take signature (and other optional parameters used to generate the signature, such as expire timestamp) as additional argument(s).&#x20;
3. For each of the functions modified in step 2, ensure that the  \_recoverSigner returns the valid address and that all other required conditions are met.

#### **Smart Contract Example**

{% code lineNumbers="true" %}

```solidity
//SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";

contract AuthentoOnChainAccess is ERC721, Ownable {
    using ECDSA for bytes32;
    uint256 private tokenIdCounter;

    constructor(
        address initialOwner
    ) ERC721("Authento On Chain Access", "AUX") Ownable(initialOwner) {}

    function _recoverSigner(
        uint256 expireTs,
        bytes memory signature
    ) private view returns (address) {
        bytes32 messageHash = MessageHashUtils.toEthSignedMessageHash(
            keccak256(abi.encodePacked(msg.sender, expireTs))
        );
        return ECDSA.recover(messageHash, signature);
    }

    function mint(uint256 expireTs, bytes memory signature) external {
        require(block.timestamp < expireTs, "Expired");
        require(
            _recoverSigner(expireTs, signature) == owner(),
            "Incorrect signature"
        );
        _safeMint(msg.sender, tokenIdCounter++);
    }
}
```

{% endcode %}

## Frontend

On the frontend, you should set up callbacks to execute the appropriate smart contract function upon successful signature generation. If you frontend is built using react, you can do so using the [useSignature](/authento-api/authento-react/usesignature.md) custom hook from the authento-react package.

## Example

* [React/Next.js frontend + backend](https://github.com/Authento/usage-examples/tree/main/address-based/on-chain-access-control)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://authento.gitbook.io/authento-api/integration-guidance/address-based-verification/on-chain-access-control/digital-signature-verification.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.