MetaData Encryption

If you are tracking end users in your backend through an internal UUID, transaction number, stripe ID, etc., you can use the metaData object to securely pass encrypted end user information to identify completed verifications. 
The metaData object allows you to pass an encrypted JSON string via a private key encoded in base64 on the client-side, and then Passbase will use your public key to return the data on the Passbase API.
Generate Encryption Keys
Create your private key by running the following terminal command:
openssl genrsa -out ~/passbase-test-private-key.pem 4096
Generate the public key associated to the private key by running the following terminal command. Copy the content of ~/passbase-test-public-key.pub into your clipboard.
openssl rsa -in ~/passbase-test-private-key.pem -out ~/passbase-test-public-key.pub -pubout
​
Add Public Encryption Key to your Project
Enter the public encryption key copied from your clipboard within the developer dashboard for each individual project. 
​
Encrypt Data in Backend
The metaData object requires an encrypted JSON string via the private key encoded in base64.  Below are examples of how to create an encrypted JSON string in your backend. 
JavaScript
Python
Go
Ruby
PHP
Kotlin
const crypto = require("crypto");
const fs = require("fs");
const metadata = {foo: "bar"};
const pkey = crypto.createPrivateKey({format: 'pem', key: fs.readFileSync("~/passbase-test-private-key.pem")});
const encrypted_metadata = crypto.privateEncrypt(pkey, Buffer.from(JSON.stringify(metadata))).toString('base64');
import base64
import subprocess
import tempfile
metadata = bytearray('{"foo": "bar"}', 'utf-8')
with open("~/passbase-test-private-key.pem", "rb") as f:
    p = subprocess.Popen(
        "openssl rsautl -sign -inkey " + f.name,
        shell=True,
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE)
    stdout, stderr = p.communicate(input=metadata)
    encrypted_metadata = base64.b64encode(stdout)
rng := rand.Reader
metadata := []byte("{\"foo\": \"bar\"}")
priv, _ := ioutil.ReadFile("~/passbase-test-private-key.pem")
privPem, _ := pem.Decode(priv)
privateKey, _ := x509.ParsePKCS1PrivateKey(privPem.Bytes)
signature, _ := rsa.SignPKCS1v15(rng, privateKey, crypto.Hash(0), metadata[:])
encrypted_metadata := base64.StdEncoding.EncodeToString(signature)
metadata = {"foo" => "bar"}
key = OpenSSL::PKey::RSA.new(File.read("~/passbase-test-private-key.pem"))
encrypted_metadata = Base64.encode64(key.private_encrypt(metadata.to_json))
<?php
​
$metadata = array("foo" => "bar");
$private_key = openssl_pkey_get_private("file://~/passbase-test-private-key.pem");
​
$encrypted_metadata_bytes = "";
openssl_private_encrypt(json_encode($metadata), $encrypted_metadata, $private_key);
​
$encrypted_metadata = base64_encode($encrypted_metadata_bytes);
An example how this can be achieved in Kotlin was generously open-sourved and provided by one of our clients in this gist here. Thank you for the effort & help Sam! 🚀
​
​
Pass metaData Object
After encrypting the data in your backend, you will need to pass the private key encoded in base64 to Passbase through the client-side frontend.
​
Value
metaData
Encrypted JSON string via the private key encoded in base64
HTML + JS
React
Angular
iOS
Kotlin
Java
React Native
Flutter
<script type="text/javascript">
  const element = document.getElementById("passbase-button")
  const apiKey = "YOUR_API_KEY"
​
  Passbase.renderButton(element, apiKey, {
    {
      prefillAttributes: {
        email: "[email protected]",
        country: "de"
      }
    },
    // Signed and Armored Metadata, which contain {"email": "[email protected]", "country": "de", ...}
    metaData: "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
    onFinish: (identityAccessKey) => {
      console.log(identityAccessKey)
      // Open new window for end user to prevent duplicate verifications
      window.location.href =("https://passbase.com/")
    }
  })        
</script>
import React from 'react';
import VerifyButton from "@passbase/button/react";
​
function App() {
  const referenceUserWithKey = (key) => {
    console.log(key)
    // Make request to your backend/db and save the key to the user's profile
  }
​
  return (
    <div className="App">
      <VerifyButton
        apiKey={"YOUR_PUBLISHABLE_API_KEY"}
        onSubmitted={(identityAccessKey) => {
          referenceUserWithKey(identityAccessKey)
        }}
        onFinish={(identityAccessKey) => {
        // Open new window for end user to prevent duplicate verifications
          window.location.href =("https://passbase.com/")
        }}
        onError={(errorCode) => {}}
        onStart={() => {}}
        prefillAttributes={{
          email: "[email protected]"
        }}
        // Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
        metaData={{
          "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
        }}
      />
    </div>
  );
}
const onSubmit = (identityAccessKey) => {
  console.log(identityAccessKey)
  // Make a request to your backend/db and save the key to your user's profile
}
​
Passbase.renderButton(
  this.passbaseButton.nativeElement, 
  "YOUR_API_KEY",
  {
    onSubmitted: (identityAccessKey) => {},
    onFinish: (identityAccessKey) => {
    // Open new window for end user to prevent duplicate verifications
      window.location.href =("https://passbase.com/")
    },
    prefillAttributes: {
          email: "[email protected]",
          country: "de"
    },
    // Signed and Armored Metadata, which contain {"email": "[email protected]", "country": "de", ...}
    metaData: {
          "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
    }
  }
)
import Passbase
import UIKit
​
class ViewController: UIViewController {
​
    override func viewDidLoad() {
        super.viewDidLoad()
        
        // Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
        PassbaseSDK.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
​
        let button = PassbaseButton(frame: CGRect(x: 40, y: 90, width: 300, height: 60))
        self.view.addSubview(button)
    }
}
package com.passbase.androiddemoapp
​
import androidx.appcompat.app.AppCompatActivity
import android.os.Bundle
​
// 1. Add import of Passbase SDK and the Passbase Button to the top
import com.passbase.passbase_sdk.PassbaseSDK
import com.passbase.passbase_sdk.PassbaseButton
​
class MainActivity : AppCompatActivity() {
​
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)
​
        val passbaseRef = PassbaseSDK(this)
        passbaseRef.initialize("YOUR_PUBLISBALE_API_KEY")
        
        // Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
        passbaseRef.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
    }
​
package com.passbase.androiddemoapp;
​
import androidx.appcompat.app.AppCompatActivity;
import android.os.Bundle;
​
// 1. Add import of Passbase SDK and the Passbase Button to the top
import com.passbase.passbase_sdk.Passbase;
import com.passbase.passbase_sdk.PassbaseButton;
​
public class MainActivity extends AppCompatActivity {
​
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
​
        PassbaseSDK passbaseRef = new PassbaseSDK(this);
        passbaseRef.initialize("YOUR_PUBLISHABLE_API_KEY");
        
        // Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
        passbaseRef.setMetaData("AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD");
    }
}
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
PassbaseSDK.setMetaData("AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD")
import 'package:passbase_flutter/passbase_flutter.dart';
​
...
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
PassbaseSDK.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
...
Feature available from Web SDK version 3.3.1 and Mobile SDK version 2.4.0
​
Call Passbase API
After a user completes a verification and you receive the VERIFICATION_REVIEWED webhook event, it is time to call the Passbase Get Identity endpoint.  Using this API endpoint, you will see the new metaData object returned.
If the public encryption key is not added to the developer dashboard, you will not see the metaData information returned on the API.
{
   id: "1234-1234-1234-1234",
   resources: [...],
   metadata: { internal_customer_id: "XYZ" }
}

server - Previous

API Reference

Next - server

No Code Solution

Last modified 7mo ago

Copy link

Outline

Generate Encryption Keys

Add Public Encryption Key to your Project

Encrypt Data in Backend

Pass metaData Object

Call Passbase API

Generate Encryption Keys

​

Add Public Encryption Key to your Project

Encrypt Data in Backend

Pass metaData Object

​

Call Passbase API