# SignMessage

After connecting to Solflare, an app can request that the user sign a message. Applications can create their own messages, which will be displayed to users from Solflare's signature prompt. Message signatures do not incur network fees and are a convenient way for apps to verify address ownership.

In order to send a message for the user to sign, an application must:&#x20;

1. Provide a **hex** or **UTF-8** encoded string as a Uint8Array and then **base58-encoded it**.
2. Request that the encoded message is signed via the user's Solflare wallet.

{% hint style="info" %}
For more information on how to verify the signature of a message, please refer to [Encryption Resources](https://docs.solflare.com/solflare/technical/deeplinks/encryption#encryption-resources).
{% endhint %}

### Base URL

```
https://solflare.com/ul/v1/signMessage
```

### Query String Parameters

* `dapp_encryption_public_key` **(required)**: The original encryption public key used from the app side for an existing [Connect](https://docs.solflare.com/solflare/technical/deeplinks/provider-methods/connect) session.
* `nonce` **(required)**: A nonce used for encrypting the request, encoded in base58.
* `redirect_link` **(required)**: The URI where Solflare should redirect the user upon completion. Please review [Specifying Redirects](https://docs.solflare.com/solflare/technical/deeplinks/specifying-redirects) for more details. URL-encoded.
* `payload` **(required)**: An encrypted JSON string with the following fields:

  ```json
  {
    "message": "...", // the message, base58 encoded
    "session": "...", // token received from connect-method
    "display": "utf8" | "hex", // the encoding to use when displaying the message 
  }
  ```

  * `message` **(required)**: The message that should be signed by the user, encoded in base58. Solflare will display this message to the user when they are prompted to sign.
  * `session` **(required)**: The session token received from the [Connect](https://docs.solflare.com/solflare/technical/deeplinks/provider-methods/connect) method. Please see Handling Sessions for more details.
  * `display` **(optional)**: How you want us to display the string to the user. Defaults to `utf8`

### Returns

#### Approve

* `nonce`: A nonce used for encrypting the response, encoded in base58.
* `data`: An encrypted JSON string. Refer to [Encryption](https://docs.solflare.com/solflare/technical/deeplinks/encryption) to learn how apps can decrypt `data` using a shared secret. Encrypted bytes are encoded in base58.

  ```json
  // content of decrypted `data`-parameter
  {
      signature: "...", // message-signature
  }
  ```

  * `signature`: The message signature, encoded in base58. For more information on how to verify the signature of a message, please refer to [Encryption Resources](https://docs.solflare.com/solflare/technical/deeplinks/encryption#encryption-resources).

#### Reject

An `errorCode` and `errorMessage` as query parameters.&#x20;

Please refer to [Errors](https://docs.solflare.com/solflare/technical/deeplinks/limitations#errors) for a full list of possible error codes.

```javascript
{
  "errorCode": "...",
  "errorMessage": "..."
}
```

### Example

Please refer to the [signMessage](https://github.com/solflare-wallet/deep-link-sample-app/blob/master/App.tsx#L299-L319) method implemented in our demo application.