> ## Documentation Index
> Fetch the complete documentation index at: https://docs.starkfi.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Wallet challenge

> Request a signable message to prove wallet ownership before KYC prepare-wallet.

<ParamField header="x-api-key" type="string" required placeholder="your-api-key">
  Your StarkFi API key.
</ParamField>

<ParamField body="wallet" type="string" required>
  Payer wallet address (EVM or Solana). The server normalizes the format.
</ParamField>

<ParamField body="purpose" type="string">
  Challenge purpose. Use `kyc` for the KYC wallet flow (default).
</ParamField>

<RequestExample>
  ```bash cURL theme={null}
  curl --request POST \
    --url https://api.starkfi.io/security/wallet/challenge \
    --header 'Content-Type: application/json' \
    --header 'x-api-key: <api_key>' \
    --data '{
      "wallet": "FmTGYpzX27fDqaiytXUdFVaphC5o68G61Q3uhVM2d8bm",
      "purpose": "kyc"
    }'
  ```
</RequestExample>

<ResponseExample>
  ```json 201 - Success theme={null}
  {
    "statusCode": 201,
    "success": true,
    "status": "challenge_created",
    "message": "Sign this message with your wallet",
    "data": {
      "message": "StarkFi KYC verification\nWallet: FmTGYpzX27fDqaiytXUdFVaphC5o68G61Q3uhVM2d8bm\n...",
      "wallet": "FmTGYpzX27fDqaiytXUdFVaphC5o68G61Q3uhVM2d8bm",
      "wallet_chain": "solana"
    }
  }
  ```

  ```json 400 - Bad Request theme={null}
  {
    "statusCode": 400,
    "success": false,
    "status": "invalid_wallet",
    "message": "Wallet challenge failed"
  }
  ```
</ResponseExample>

Challenges expire after **10 minutes**. Sign the exact `message` returned, then call [Prepare KYC (wallet)](/prepare-wallet) with `signed_bytes`.