Script Examples

Signed Record

Save a record with an attestation signature attached.

Lexicon type: procedure

function handle()
  local r = Record(collection, {
    text = input.text,
    createdAt = now(),
  })
  r:save()

  local sig = nil
  if atproto.sign then
    sig = atproto.sign({ text = input.text, createdAt = r.createdAt })
  end

  return { uri = r._uri, cid = r._cid, signature = sig }
end

How it works

  1. Create and save the record.
  2. Sign the record fields with atproto.sign(). The nil guard lets the script work without a signer configured.
  3. Return the signature alongside the URI.

Usage

const response = await fetch("http://127.0.0.1:3000/xrpc/xyz.example.createPost", {
  method: "POST",
  headers: {
    "X-Client-Key": CLIENT_KEY,
    Authorization: `Bearer ${TOKEN}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ text: "Hello world" }),
});
const data = await response.json();
{
  "uri": "at://did:plc:abc/xyz.example.post/3abc123",
  "cid": "bafyrei...",
  "signature": {
    "$type": "your.app.attestation",
    "key": "did:web:happyview.example.com#attestation",
    "signature": { "$bytes": "..." }
  }
}

Use case

Attestation signatures let clients verify that a record was processed by your HappyView instance — useful for contributions, moderation decisions, or cross-instance data where provenance matters. The signature covers both the record content and the author's DID, so it can't be replayed across users or tampered with.

See Attestation Signing for setup and configuration, or Verify Signed Record for the read-side counterpart.

Complex Mutations

Previous Page

Verify Signed Record

Next Page

On this page

How it worksUsageUse case