Delegate Registration

To register a user with DOA using the API you first need to make sure you have the values for your request headers set up by following the Unauthenticated Requests setup guide.

Once you have your values for X-Scope-Id, X-Encrypted-User and X-Encrypted-Key setup, You can now initiate a delegated user registration.

Post that, you would need your own unique private key which you would use for signing. Follow the below guide ot generate it. Generating DOA Keys

The delegateRegister method registers a specific user within a specific scope. It generates user blockchain account on the backend and returns account_id and identifier_hash back.

Request Spec


  • Headers

    • X-Scope-Id: A UUID string representing the application scope.

    • X-Encrypted-Key: A string containing the encrypted key for secure communication.

  • Body:

    • encrypted_credential: A JSON object carrying the attestation with its signature

    • encrypted_user: User details json encrypted using aes key

const cryptoObj = typeof window !== "undefined" ? window.crypto : crypto;

const decrypt = async (algo, key, data) => {
  try {
    const decryptedResult = await cryptoObj.subtle.decrypt(algo, key, data);
    return decryptedResult;
  } catch (error) {
    console.error("Decryption error:", error);
    throw error;

const aesDecrypt = async (
  cipherText: string,
  encryptionKey: BufferSource,
  keyFormat: "raw" = "raw",
  keyLength: number = 256
) => {
  if (!encryptionKey) {
    throw Error("Encryption key not initialized");
  let cryptoKey: CryptoKey;
  let decryptedData: ArrayBuffer;

  try {
    const combined = Uint8Array.from(atob(cipherText), (c) => c.charCodeAt(0));
    const iv = combined.slice(0, 12);
    const encryptedData = combined.slice(12);

    cryptoKey = await importKey(keyFormat, encryptionKey, { name: "AES-GCM", length: keyLength }, [

    decryptedData = await decrypt({ name: "AES-GCM", iv }, cryptoKey, encryptedData);

    const decoder = new TextDecoder();
    return decoder.decode(new Uint8Array(decryptedData));
  } catch (error) {
    console.error("AES-GCM Decryption error:", error);
    throw error;
const userDetails = {
   username: payload.emailAddress,
const encrypted_user = await aesEncrypt(JSON.stringify(userDetails), aesKey);

const privateKeyBase64 = "your_base_encoded_kkey";

function createSignature(data, privateKey) {
  const sign = crypto.createSign('SHA256');
  return sign.sign(privateKey, 'base64');

function getPublicKey(privateKey) {
  const publicKey = crypto.createPublicKey(privateKey);
  const publicKeyDer = publicKey.export({ type: 'spki', format: 'der' });
  return publicKeyDer.toString('base64');

async function sign(options) {
  const privateKey = crypto.createPrivateKey({
    key: Buffer.from(privateKeyBase64, 'base64'),
    format: 'der',
    type: 'pkcs8',

  const signature = createSignature(options, privateKey);
  const publicKeyId = getPublicKey(privateKey);

  return {
    kind: 'key', // Assuming 'Key' is the kind of credential you want to specify
    id: publicKeyId,
    clientData: options,
    signature: signature,
    algorithm: "SHA256",

const signature = await sign(encrypted_user);

const attestation = await aesEncrypt(JSON.stringify(signature), aesKey);

Response Spec

  • Success:

    • account_id: A UUID string that uniquely identifies the user's account.

    • identifier_hash: A string representing the hash of the user's identifier.

  • Error: An object containing error details.

Request Example

Content-Type: application/json
X-Scope-Id: 123e4567-e89b-12d3-a456-426614174000
X-Encrypted-Key: jp6...yKg==

  "jsonrpc": "2.0",
  "method": "delegatedRegistration",
  "params": {
    "encrypted_credential": { 
      KeySignature: {{attestation}}
    "encrypted_user": "JZV...Ug=="
  "id": 1

Response Example

HTTP/1.1 200 OK
Content-Type: application/json

  "jsonrpc": "2.0",
  "result": {
    "account_id": "456e4567-e89b-12d3-a456-426614174000",
    "identifier_hash": "0x25e...1617"
  "id": 1

Last updated