Web bot authentication host. Serves an HTTP Message Signatures directory endpoint using Ed25519 keys, following the HTTP Message Signatures standard.
A demo instance of the service is accessible at https://test.wbauth.lightpanda.io/.well-known/http-message-signatures-directory
WBA_PRIVATE_KEY="$(cat key.pem)" wbauth [options]
| Variable | Description | Default |
|---|---|---|
WBA_PRIVATE_KEY |
Ed25519 private key in PEM format (required) | — |
WBA_API_ADDRESS |
HTTP server listen address | 127.0.0.1:8081 |
-api-addr— HTTP server listen address (overridesWBA_API_ADDRESS)-verbose— Enable debug log level
Health check endpoint. Returns an empty 200 OK response.
$ curl http://127.0.0.1:8081/ack -i
HTTP/1.1 200 OK
Date: Mon, 17 Mar 2026 12:00:00 GMT
Content-Length: 0
Returns the Ed25519 public key in JWK format. The response is signed according to RFC 9421 — HTTP Message Signatures.
- Content-Type:
application/http-message-signatures-directory+json - Signature tag:
http-message-signatures-directory - Signature expiration: 60 seconds
$ curl http://127.0.0.1:8081/.well-known/http-message-signatures-directory -i
HTTP/1.1 200 OK
Content-Type: application/http-message-signatures-directory+json
Signature: http-message-signatures-directory=:BASE64_SIGNATURE:
Signature-Input: http-message-signatures-directory=("@authority");created=...;expires=...;keyid="..."
{
"keys": [
{
"kty": "OKP",
"crv": "Ed25519",
"x": "BASE64_PUBLIC_KEY"
}
]
}
Apache 2.0 — See LICENSE.