Providing a REST API to retrieve the user data
The Data Issuer is required to expose a REST API that facilitates secure user data token retrieval. The API should be designed to authenticate the user robustly, ensuring that only the legitimate owner can access the data. The zkPass SDK does not dictate the precise authentication mechanisms, API semantics, or response formats, providing developers the flexibility to implement an approach best suited to their application's architecture.
The Data Issuer needs to make sure the user data is in JSON encoding. The DVR app architecture does not dictate the schema or structure of the user data, however, JSON encoding is required.
By conforming to these guidelines, Data Issuers contribute to the robustness and security of the DVR app infrastructure, ensuring an optimized and secure experience for all users involved.
Signing the User Data
As the authority provisioning sensitive user data, the Data Issuer plays a critical role in the DVR ecosystem. To ensure the authenticity of the user data, the Data Issuer must sign this sensitive information into a JWS (JSON Web Signature) token. The signing of the user data by the Data Issuer is illustrated by part of the DVR/zkPass call sequence, which is highlighted in red below:
The Dvr module client SDK library provides a specialized utility method for this purpose: callDvrGenerateUserDataToken
. How to digitally sign the user data using the Dvr module client SDK library is illustrated by the code snippet below.
Parameters passed to callDvrGenerateUserDataToken
:
signingKey This is the signing private key owned by the Data Issuer.
JSON.stringify(data) This is a stringified JSON user data.
verifyingKey This is a key to validate user data token.