Authentication

Withdrawals from PDAs (program-derived addresses) require proof of Twitter account ownership.

Withdrawal Flow

  1. User logs into claimr.app with Twitter (OAuth)

  2. Backend verifies ownership of the Twitter account

  3. Backend signs a withdrawal permit covering the destination, amount, and nonce

  4. Smart contract verifies the signature on-chain before releasing funds

Signature verification uses Solana's Ed25519 precompile. The check runs on-chain, not on Claimr's backend.

Security Properties

Replay prevention — Each permit carries a unique nonce, so a given signature can be spent only once. Submitting the same permit a second time causes the transaction to fail.

Tamper resistance — The signature covers the destination, amount, and nonce. Modifying any of these parameters invalidates the permit.

On-chain enforcement — All checks are performed by the smart contract. Security guarantees hold regardless of backend state.
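The withdrawal flow and the three properties above, modelled end to end as an added Go example. This is not Claimr's code and not a Solana program (those are written in Rust, and the real signature check runs in the Ed25519 precompile, whose result the program confirms by reading the precompile instruction from the Instructions sysvar). The permit byte layout, the domain tag, the error names, the in-memory nonce set and the sample destination are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Permit is the backend-signed withdrawal authorization modelled here.
// Layout (assumed for this example): 32-byte destination, u64 LE amount, u64 LE nonce.
type Permit struct {
	Destination [32]byte
	Amount      uint64
	Nonce       uint64
	Signature   []byte
}

// domainTag is an assumed constant prefix so a permit cannot be confused with
// any other message the same key might sign. Not taken from the page.
const domainTag = "example-withdraw-v1"

// permitMessage serialises exactly the fields the signature must cover.
func permitMessage(dest [32]byte, amount, nonce uint64) []byte {
	msg := make([]byte, len(domainTag)+32+16)
	n := copy(msg, domainTag)
	n += copy(msg[n:], dest[:])
	binary.LittleEndian.PutUint64(msg[n:], amount)
	binary.LittleEndian.PutUint64(msg[n+8:], nonce)
	return msg
}

// Backend holds the signing key. In the real flow it issues a permit only
// after the Twitter OAuth check; that step is out of scope here.
type Backend struct{ priv ed25519.PrivateKey }

func (b Backend) IssuePermit(dest [32]byte, amount, nonce uint64) Permit {
	sig := ed25519.Sign(b.priv, permitMessage(dest, amount, nonce))
	return Permit{dest, amount, nonce, sig}
}

// Program stands in for the on-chain contract: it knows the backend's public
// key and remembers every nonce it has already honoured.
type Program struct {
	authority ed25519.PublicKey
	usedNonce map[uint64]bool
}

var (
	ErrBadSignature = errors.New("permit signature invalid")
	ErrReplay       = errors.New("nonce already used")
)

// Withdraw enforces all three properties on the program side: the signature
// must cover (destination, amount, nonce) exactly, and the nonce must be fresh.
func (p *Program) Withdraw(pm Permit) error {
	if !ed25519.Verify(p.authority, permitMessage(pm.Destination, pm.Amount, pm.Nonce), pm.Signature) {
		return ErrBadSignature
	}
	if p.usedNonce[pm.Nonce] {
		return ErrReplay
	}
	p.usedNonce[pm.Nonce] = true
	// The transfer of pm.Amount to pm.Destination would happen here.
	return nil
}

// NewSystem generates a fresh backend key and a program that trusts it.
func NewSystem() (Backend, *Program) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Backend{priv}, &Program{authority: pub, usedNonce: map[uint64]bool{}}
}

func main() {
	backend, program := NewSystem()
	var dest [32]byte
	copy(dest[:], "constructed-destination-pubkey!!") // constructed 32-byte sample

	pm := backend.IssuePermit(dest, 1_000_000, 1)
	fmt.Println("valid permit:   ", program.Withdraw(pm))
	fmt.Println("replayed permit:", program.Withdraw(pm))

	tampered := backend.IssuePermit(dest, 1_000_000, 2)
	tampered.Amount = 5_000_000
	fmt.Println("tampered amount:", program.Withdraw(tampered))

	redirected := backend.IssuePermit(dest, 1_000_000, 3)
	redirected.Destination[0] ^= 0x01
	fmt.Println("tampered dest:  ", program.Withdraw(redirected))
}
```

The signature is checked before the nonce so that a forged permit can never mark a nonce as used; a valid permit replayed after its first use is rejected as a replay. A permit signed by any key other than the trusted authority fails the same way as a tampered one, which is what lets the guarantees hold regardless of what the backend does after signing.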

For Integrators

Lookups and collection require no authentication:

curl "https://claimr.app/api/wallet/lookup?handle=someone"

Withdrawals are handled through claimr.app, where Twitter OAuth is managed.
