Skip to main content
The Go module is a backend signing utility only. It is used to generate rp_context signatures for IDKit requests, and does not run client-side IDKit request flows.

Install

go get github.com/worldcoin/idkit/go/idkit@latest

Generate RP signature

One-shot signing

Use SignRequest with functional options for the simplest integration: 
import "github.com/worldcoin/idkit/go/idkit"

// For uniqueness proofs: include the action
sig, err := idkit.SignRequest(
	os.Getenv("RP_SIGNING_KEY"),
	idkit.WithAction("my-action"),
)
if err != nil {
	// handle error
}

rpContext := map[string]any{
	"rp_id":      "rp_xxxxx",
	"nonce":      sig.Nonce,
	"created_at": sig.CreatedAt,
	"expires_at": sig.ExpiresAt,
	"signature":  sig.Sig,
}

Reusable signer

For high-throughput backends, create a Signer once and reuse it. This parses the key upfront and avoids repeated allocations. 
signer, err := idkit.NewSigner(os.Getenv("RP_SIGNING_KEY"))
if err != nil {
	log.Fatal(err)
}

// Use in your request handler
sig, err := signer.SignRequest(
	idkit.WithAction("my-action"),
	idkit.WithTTL(600), // optional, default 300s
)

API

Functions

FunctionDescription
SignRequest(signingKeyHex, opts...)One-shot signing with options
SignRequestWithTTL(signingKeyHex, ttl)Convenience wrapper with custom TTL
NewSigner(signingKeyHex)Creates a reusable Signer from a hex key

Options

OptionDescription
WithAction(action)Hashes and appends the action to the signed payload (required for uniqueness proofs)
WithTTL(ttl)Overrides the default 300-second TTL

RpSignature

type RpSignature struct {
	Sig       string `json:"sig"`        // 0x-prefixed, 65-byte hex
	Nonce     string `json:"nonce"`      // 0x-prefixed, 32-byte field element
	CreatedAt uint64 `json:"created_at"` // Unix seconds
	ExpiresAt uint64 `json:"expires_at"` // Unix seconds
}