Delegate Registration
To register a user with DOA using the API you first need to make sure you have the values for your request headers set up by following the Unauthenticated Requests setup guide.
Once you have your values for X-Scope-Id, X-Encrypted-User
and X-Encrypted-Key
setup, You can now initiate a delegated user registration.
Post that, you would need your own unique private key which you would use for signing. Follow the below guide ot generate it. Generating DOA Keys
The delegateRegister method registers a specific user within a specific scope. It generates user blockchain account on the backend and returns account_id
and identifier_hash
back.
Request Spec
HTTP Method: POST
X-Scope-Id: A UUID string representing the application scope.
X-Encrypted-Key: A string containing the encrypted key for secure communication.
Body:
encrypted_credential: A JSON object carrying the attestation with its signature
encrypted_user: User details json encrypted using aes key
const cryptoObj = typeof window !== "undefined" ? window.crypto : crypto;
const decrypt = async (algo, key, data) => {
try {
const decryptedResult = await cryptoObj.subtle.decrypt(algo, key, data);
return decryptedResult;
} catch (error) {
console.error("Decryption error:", error);
throw error;
}
};
const aesDecrypt = async (
cipherText: string,
encryptionKey: BufferSource,
keyFormat: "raw" = "raw",
keyLength: number = 256
) => {
if (!encryptionKey) {
throw Error("Encryption key not initialized");
}
let cryptoKey: CryptoKey;
let decryptedData: ArrayBuffer;
try {
const combined = Uint8Array.from(atob(cipherText), (c) => c.charCodeAt(0));
const iv = combined.slice(0, 12);
const encryptedData = combined.slice(12);
cryptoKey = await importKey(keyFormat, encryptionKey, { name: "AES-GCM", length: keyLength }, [
"decrypt",
]);
decryptedData = await decrypt({ name: "AES-GCM", iv }, cryptoKey, encryptedData);
const decoder = new TextDecoder();
return decoder.decode(new Uint8Array(decryptedData));
} catch (error) {
console.error("AES-GCM Decryption error:", error);
throw error;
}
};
const userDetails = {
username: payload.emailAddress,
}
const encrypted_user = await aesEncrypt(JSON.stringify(userDetails), aesKey);
const privateKeyBase64 = "your_base_encoded_kkey";
function createSignature(data, privateKey) {
const sign = crypto.createSign('SHA256');
sign.update(data);
sign.end();
return sign.sign(privateKey, 'base64');
}
function getPublicKey(privateKey) {
const publicKey = crypto.createPublicKey(privateKey);
const publicKeyDer = publicKey.export({ type: 'spki', format: 'der' });
return publicKeyDer.toString('base64');
}
async function sign(options) {
const privateKey = crypto.createPrivateKey({
key: Buffer.from(privateKeyBase64, 'base64'),
format: 'der',
type: 'pkcs8',
});
const signature = createSignature(options, privateKey);
const publicKeyId = getPublicKey(privateKey);
return {
kind: 'key', // Assuming 'Key' is the kind of credential you want to specify
id: publicKeyId,
clientData: options,
signature: signature,
algorithm: "SHA256",
};
}
const signature = await sign(encrypted_user);
const attestation = await aesEncrypt(JSON.stringify(signature), aesKey);
Response Spec
Success:
account_id: A UUID string that uniquely identifies the user's account.
identifier_hash: A string representing the hash of the user's identifier.
Error: An object containing error details.
Request Example
POST / HTTP/1.1
Host: tiramisu.0xpass.io
Content-Type: application/json
X-Scope-Id: 123e4567-e89b-12d3-a456-426614174000
X-Encrypted-Key: jp6...yKg==
{
"jsonrpc": "2.0",
"method": "delegatedRegistration",
"params": {
"encrypted_credential": {
KeySignature: {{attestation}}
},
"encrypted_user": "JZV...Ug=="
},
"id": 1
}
Response Example
HTTP/1.1 200 OK
Content-Type: application/json
{
"jsonrpc": "2.0",
"result": {
"account_id": "456e4567-e89b-12d3-a456-426614174000",
"identifier_hash": "0x25e...1617"
},
"id": 1
}
Last updated