> ## Documentation Index
> Fetch the complete documentation index at: https://docs.portalhq.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Sign a transaction or message by chain

> Signs a transaction or message using an RPC method and chain ID.

The `Idempotency-Key` header is accepted only for broadcast methods
(for example `eth_sendTransaction`, `sol_signAndSendTransaction`).
Supplying the header with a non-broadcast method returns 400.




## OpenAPI

````yaml /openapi/enclave-mpc-api.yaml post /v1/sign
openapi: 3.1.0
info:
  title: Portal Enclave MPC API
  version: '1.0'
  description: |
    The Enclave MPC API provides endpoints for MPC wallet generation, signing,
    backup, and recovery. All endpoints require a Client API Key or Client
    Session Token as a Bearer token.

    ## Base URL
    `https://mpc-client.portalhq.io`
servers:
  - url: https://mpc-client.portalhq.io
security:
  - bearerAuth: []
tags:
  - name: MPC Operations
    description: MPC wallet generation, signing, asset transfers, backup, and recovery
paths:
  /v1/sign:
    post:
      tags:
        - MPC Operations
      summary: Sign a transaction or message by chain
      description: |
        Signs a transaction or message using an RPC method and chain ID.

        The `Idempotency-Key` header is accepted only for broadcast methods
        (for example `eth_sendTransaction`, `sol_signAndSendTransaction`).
        Supplying the header with a non-broadcast method returns 400.
      operationId: sign
      parameters:
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignRequest'
            example:
              share: eyJjbG...
              method: eth_sendTransaction
              params:
                value: '0x01'
                from: ''
                to: '0xdFd8302f44727A6348F702fF7B594f127dE3A902'
                data: ''
              rpcUrl: https://api.portalhq.io/rpc/v1/eip155/10143
              chainId: eip155:10143
      responses:
        '200':
          description: Signed successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignResponse'
              example:
                data: >-
                  0xf7a6a07fa599db56fca50fa1202670b59054e7ed452ea57b3f5b43148b8bdb165beb3a4b0fd532162a1f0fd475de1a9ecd07c95186f7a0856ce1bffa45e3acc91b
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MpcErrorResponse'
              example:
                id: RPC_OP_FAILED
                message: 'Failed to send transaction: details'
        '401':
          description: Unauthorized
          content:
            text/plain:
              schema:
                type: string
              example: Incorrect API key format
        '404':
          description: >-
            Portal-managed presignature not found or not decryptable with the
            supplied share
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MpcErrorResponse'
        '409':
          description: Idempotent request already completed
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdempotencyConflict'
        '422':
          description: Idempotency key reused with different payload
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdempotencyReuse'
components:
  parameters:
    IdempotencyKey:
      name: Idempotency-Key
      in: header
      required: false
      description: |
        A caller-provided key used for safe retries. Behavior depends on the
        endpoint:

        - **`POST /v1/presign/{curve}` with `managed: true`** — retrying a
          completed request with the same key returns the same
          `{id, expiresAt}` (200). If the original attempt is still in
          progress, the retry returns 409 with a `Retry-After` header; if
          the original attempt failed before completing, it returns 409
          without `Retry-After` (caller should retry with a new key).
          Reusing a key after the wallet's signing share has changed (for
          example, after a reshare or recovery) returns 422.
        - **`POST /v1/sign`** — only honored for broadcast methods (for
          example `eth_sendTransaction`, `sol_signAndSendTransaction`).
          Supplying the header with a non-broadcast method returns 400.
          For broadcast methods, retrying a completed request returns 409
          (`IDEMPOTENT_REQUEST_ALREADY_COMPLETED`), and reuse with a
          different payload returns 422. On 409, the response body does
          not include the original signing result — the header prevents
          double-execution, it does not replay the prior response.
        - **`POST /v1/assets/send`** — retrying a completed request returns
          409 (`IDEMPOTENT_REQUEST_ALREADY_COMPLETED`), and reuse with a
          different payload returns 422. On 409, the response body does
          not include the original `transactionHash` — the header prevents
          double-submission, it does not replay the prior response.

        Client-stored presignature creation does not currently honor this
        header.
      schema:
        type: string
  schemas:
    SignRequest:
      type: object
      description: Request body for signing a transaction or message by chain.
      properties:
        method:
          type: string
          description: |
            The signer RPC method (e.g. `personal_sign`, `eth_sendTransaction`,
            `sol_signAndSendTransaction`).
        params:
          oneOf:
            - type: object
            - type: array
          description: |
            The parameters for the RPC method as a JSON object or array
            (e.g. `{"value": "0x01", "from": "", "to": "0x...", "data": ""}`).
        share:
          type: string
          description: The MPC share for the relevant curve.
        chainId:
          type: string
          description: The blockchain network as a CAIP-2 chain ID (e.g. `eip155:10143`).
        to:
          type: string
          description: The recipient's address.
        rpcUrl:
          type: string
          description: The node provider RPC URL.
        metadataStr:
          type: string
          description: Optional metadata string for the transaction.
        sponsorGas:
          type: boolean
          description: |
            Set to `false` to opt out of gas sponsorship for Account Abstraction
            clients. Defaults to `true` when omitted.
        presignature:
          type: string
          description: >
            The `data` value from a client-stored presign response. Omit for
            standard

            (non-presigned) signing. Mutually exclusive with `presignatureId`.
        presignatureId:
          type: string
          description: >
            The `id` value from a Portal-managed presign response. Omit for
            standard

            (non-presigned) signing. Mutually exclusive with `presignature`.
      required:
        - method
        - params
        - share
        - chainId
        - to
        - rpcUrl
    SignResponse:
      type: object
      description: Response containing the signed data.
      properties:
        data:
          type: string
          description: The signed data as a hex string.
      required:
        - data
    MpcErrorResponse:
      type: object
      description: Standard error response from the Enclave MPC API.
      properties:
        id:
          type: string
          description: >-
            Short error identifier (e.g. `DKG_FAILED`, `BAD_REQUEST`,
            `RPC_OP_FAILED`).
        message:
          type: string
          description: Human-readable error details.
      required:
        - id
    IdempotencyConflict:
      type: object
      description: >-
        Returned when the Idempotency-Key has already been used with an
        identical request body.
      properties:
        id:
          type: string
          example: IDEMPOTENT_REQUEST_ALREADY_COMPLETED
        message:
          type: string
          example: Request already completed
      required:
        - id
        - message
    IdempotencyReuse:
      type: object
      description: >-
        Returned when the Idempotency-Key has already been used with a different
        request body.
      properties:
        id:
          type: string
          example: IDEMPOTENCY_KEY_REUSED
        message:
          type: string
          example: Idempotency key reused for different request payload
      required:
        - id
        - message
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: Client API Key or Client Session Token

````