approveAgent — Signature verification fails on both Testnet and Mainnet despite correct EIP-712 parameters

[aliraza-cloudeva]

approveAgent — Signature verification fails on both Testnet and Mainnet despite correct EIP-712 parameters

Repository: asterdex / asterdex-api-docs (or wherever the official SDK/docs live)

---

Summary

Calling POST /fapi/v3/approveAgent always returns a signature verification error regardless of the signing approach used. We have verified the EIP-712 domain, field types, field order, chain ID, and nonce format across multiple attempts on both Testnet and Mainnet. The signature is rejected every time.

---

Environment

Property	Testnet	Mainnet
Endpoint	fapi.asterdex-testnet.com	fapi.asterdex.com
Signing method	eth_signTypedData_v4	eth_signTypedData_v4
Wallet	MetaMask (browser)	MetaMask (browser)
Network (BNB)	Chain 97	Chain 56
Library	ethers.js v6	ethers.js v6

---

What we tried

Attempt 1 — Full 10-field type (matching Python demo aster-code.py)

ApproveAgent: [
  { name: 'AgentName',    type: 'string'  },
  { name: 'AgentAddress', type: 'string'  },
  { name: 'IpWhitelist',  type: 'string'  },
  { name: 'Expired',      type: 'uint256' },
  { name: 'CanSpotTrade', type: 'bool'    },
  { name: 'CanPerpTrade', type: 'bool'    },
  { name: 'CanWithdraw',  type: 'bool'    },
  { name: 'AsterChain',   type: 'string'  },
  { name: 'User',         type: 'string'  },
  { name: 'Nonce',        type: 'uint256' },
]

→ Result: Signature check failed

Attempt 2 — 5-field type (inferred from official site MetaMask prompt)

Observed the MetaMask popup on www.asterdex-testnet.com which displayed exactly 5 fields:

Primary type:  ApproveAgent
AsterChain:    Testnet
AgentAddress:  0x...
AgentName:     @aster-desktop
Nonce:         1777380555670000
Expired:       1779972555668

Updated our type to match:

ApproveAgent: [
  { name: 'AsterChain',   type: 'string'  },
  { name: 'AgentAddress', type: 'string'  },
  { name: 'AgentName',    type: 'string'  },
  { name: 'Nonce',        type: 'uint256' },
  { name: 'Expired',      type: 'uint256' },
]

→ Result: Signature check failed

Attempt 3 — Domain chainId variations tried

chainId tried	Reasoning
56	Python eip712_template uses 56
97	Observed network in official MetaMask prompt (BNB Testnet)
714	AsterChain Testnet chain ID
1666	API docs reference

→ All result in: Signature check failed

Attempt 4 — Nonce format variations

Format	Example value
Date.now() (ms)	1714240000123
Math.floor(Date.now()/1000) * 1_000_000 (Python style, µs)	1714240000000000
Date.now() * 1000 (ms → µs)	1714240123000

The official site's MetaMask prompt shows 1777380555670000 — consistent with Date.now() * 1000.
→ All result in: Signature check failed at the API level.

---

Exact request being sent

POST /fapi/v3/approveAgent
Content-Type: application/x-www-form-urlencoded

agentName=mybot
&agentAddress=0x...
&ipWhitelist=
&expired=1779972555668
&canSpotTrade=false
&canPerpTrade=false
&canWithdraw=false
&asterChain=Testnet
&user=0x...
&nonce=1714240123000000
&signature=0x...
&signatureChainId=56

---

Questions

1. What is the exact EIP-712 type definition (ApproveAgent fields, types, and order) the server uses to verify the signature?
2. What chainId should the EIP-712 domain use — is it the BNB chain ID (97/56) or an Aster-specific ID (714/1666)?
3. What is the expected nonce format — milliseconds, microseconds, or something else?
4. Are all body parameters included in the signed message, or only a subset?
5. Is there a working JavaScript/TypeScript code example for approveAgent using eth_signTypedData_v4?

---

References

• Official Python demo: aster-code.py (sign_v3_eip712 + send_by_url)
• API docs: POST /fapi/v3/approveAgent
• MetaMask screenshot from www.asterdex-testnet.com showing the 5-field prompt

[thubiba]

My tests worked like this:

import time
import requests
from eth_account import Account
from eth_abi import encode
from eth_utils import keccak

===== CONFIG =====

user_ex = "0x0000"
signer_ex = "0x0000"
pk_ex = "0x0000"
host = "https://fapi.asterdex.com"
CHAIN_ID = 1666 # Só o que funciona

===== TIME SYNC =====

def get_timestamp():
try:
r = requests.get(f"{host}/fapi/v3/time", timeout=5)
server_time = r.json()['serverTime']
return str(server_time)
except:
return str(int(time.time() * 1000))

===== SIGN FUNCTION =====

def sign_manual(msg, pk):
dth = keccak(
text="EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
dh = keccak(encode(
["bytes32", "bytes32", "bytes32", "uint256", "address"],
[dth, keccak(text="AsterSignTransaction"), keccak(
text="1"), CHAIN_ID, bytes.fromhex("0000000000000000000000000000000000000000")]
))
mth = keccak(text="Message(string msg)")
mh = keccak(encode(["bytes32", "bytes32"], [mth, keccak(text=msg)]))
digest = keccak(b"\x19\x01" + dh + mh)
account = Account.from_key(pk)
return account._key_obj.sign_msg_hash(digest).to_hex()

===== FUNÇÃO PRINCIPAL - PEGA SALDO =====

def get_balance(asset="USDT"):
"""Retorna o saldo do ativo especificado"""
timestamp = get_timestamp()
nonce = str(int(timestamp) * 1000)

# Parâmetros
params = {
    'timestamp': timestamp,
    'recvWindow': '50000',
    'nonce': nonce,
    'user': user_ex.lower(),
    'signer': signer_ex.lower(),
    'asset': asset
}

# Cria string para assinar
param_str = '&'.join([f"{k}={v}" for k, v in params.items()])

# Assina
signature = sign_manual(param_str, pk_ex)
params['signature'] = signature

# Requisição
response = requests.get(f"{host}/fapi/v3/balance",
                        params=params, timeout=5)

if response.status_code == 200:
    data = response.json()
    if isinstance(data, list):
        for item in data:
            if item.get('asset') == asset:
                return float(item.get('balance', 0))
return 0.0

===== USO SIMPLES =====

if name == "main":
# Pega apenas o saldo que você quer
saldo_usdt = get_balance("USDT")
saldo_sand = get_balance("SAND")

# Mostra apenas os resultados
print(saldo_usdt)  
print(saldo_sand)