Guides

Signed publication metadata

Suggest Edits

Lens Protocol now supports signing publication metadata to authenticate the origin of content. Applications can sign their publication metadata using a registered wallet to verify that content was published through their app.

Purpose

By signing publication metadata, apps can:

Verify Authenticity: Prove that the content was published on their platform.

Improve Security: Prevent unauthorized apps from masquerading as legitimate applications.

Prerequisites

As an app developer, once you implement signed metadata on your app, you can contact the Lens API team via Discord or Telegram to register your app's wallet address and map it to your app id. Once the address is successfully registered, it will be impossible for anyone to publish unsigned metadata using that app id.

Workflow

  1. Prepare the Publication Metadata Object: Create the metadata object as usual.

    import { textOnly } from '@lens-protocol/metadata';

const metadata = textOnly({
  content: "something cool"
});

    {
  "$schema": "https://json-schemas.lens.dev/publications/text-only/3.0.0.json",
  "lens": {
    "id": "017ba8d7-822f-42b9-bd8b-d1e9db25fc6c", // make sure this is randomly generated and unique
    "appId": "your-app-id",
    "locale": "en-US",
    "mainContentFocus": "TEXT_ONLY",
    "content": "something cool"
  }
}

    πŸ“˜

    If you are building Publication Metadata JSON manually make sure to use a unique metadata id; a randomly-generated UUID is a safe approach for most use cases.

  2. Sign the Metadata Object: Sign the metadata object you just created using the registered wallet's private key and the signMetadata helper (since @lens-protocol/[email protected]).

    import { signMetadata, textOnly } from '@lens-protocol/metadata';

const signed = await signMetadata(metadata, (message) => signer.signMessage(message));

  3. Use Signed Metadata Object: Upload the signed Metadata object as you would normally do and create the publication from its public URI.

Recap

import { Wallet } from 'ethers';
import { signMetadata, textOnly } from '@lens-protocol/metadata';

const signer = new Wallet(PRIVATE_KEY, jsonRpcProvider); // keep your private key safe

const metadata = textOnly({
  content: "something cool"
});

const signed = await signMetadata(metadata, (message) => signer.signMessage(message));

// then publish on Lens as you usually would using the `signed` metadata object

Additional resources

Signing data using ethers: https://docs.ethers.org/v5/api/signer/#Signer-signMessage

Updated 11 days ago