MetaData Encryption
This guide helps you set up encryption to receive metaData from Passbase
If you are tracking end users in your backend through an internal UUID, transaction number, stripe ID, etc., you can use the metaData object to securely pass encrypted end user information to identify completed verifications.
The metaData object allows you to pass an encrypted JSON string via a private key encoded in base64 on the client-side, and then Passbase will use your public key to return the data on the Passbase API.
Create your private key by running the following terminal command:
openssl genrsa -out ~/passbase-test-private-key.pem 4096
Generate the public key associated to the private key by running the following terminal command. Copy the content of
~/passbase-test-public-key.pub into your clipboard.openssl rsa -in ~/passbase-test-private-key.pem -out ~/passbase-test-public-key.pub -pubout
Enter the public encryption key copied from your clipboard within the developer dashboard for each individual project.
The
metaData object requires an encrypted JSON string via the private key encoded in base64. Below are examples of how to create an encrypted JSON string in your backend. JavaScript
Python
Go
Ruby
PHP
Kotlin
const crypto = require("crypto");
const fs = require("fs");
const metadata = {foo: "bar"};
const pkey = crypto.createPrivateKey({format: 'pem', key: fs.readFileSync("~/passbase-test-private-key.pem")});
const encrypted_metadata = crypto.privateEncrypt(pkey, Buffer.from(JSON.stringify(metadata))).toString('base64');
import base64
import subprocess
import tempfile
metadata = bytearray('{"foo": "bar"}', 'utf-8')
with open("~/passbase-test-private-key.pem", "rb") as f:
p = subprocess.Popen(
"openssl rsautl -sign -inkey " + f.name,
shell=True,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
stdout, stderr = p.communicate(input=metadata)
encrypted_metadata = base64.b64encode(stdout)
rng := rand.Reader
metadata := []byte("{\"foo\": \"bar\"}")
priv, _ := ioutil.ReadFile("~/passbase-test-private-key.pem")
privPem, _ := pem.Decode(priv)
privateKey, _ := x509.ParsePKCS1PrivateKey(privPem.Bytes)
signature, _ := rsa.SignPKCS1v15(rng, privateKey, crypto.Hash(0), metadata[:])
encrypted_metadata := base64.StdEncoding.EncodeToString(signature)
metadata = {"foo" => "bar"}
key = OpenSSL::PKey::RSA.new(File.read("~/passbase-test-private-key.pem"))
encrypted_metadata = Base64.encode64(key.private_encrypt(metadata.to_json))
<?php
$metadata = array("foo" => "bar");
$private_key = openssl_pkey_get_private("file://~/passbase-test-private-key.pem");
$encrypted_metadata_bytes = "";
openssl_private_encrypt(json_encode($metadata), $encrypted_metadata, $private_key);
$encrypted_metadata = base64_encode($encrypted_metadata_bytes);
An example how this can be achieved in Kotlin was generously open-sourved and provided by one of our clients in this gist here. Thank you for the effort & help Sam!
🚀
After encrypting the data in your backend, you will need to pass the private key encoded in base64 to Passbase through the client-side frontend.
| Value |
metaData | Encrypted JSON string via the private key encoded in base64 |
HTML + JS
React
Angular
iOS
Kotlin
Java
React Native
Flutter
<script type="text/javascript">
const element = document.getElementById("passbase-button")
const apiKey = "YOUR_API_KEY"
Passbase.renderButton(element, apiKey, {
{
prefillAttributes: {
email: "[email protected]",
country: "de"
}
},
// Signed and Armored Metadata, which contain {"email": "[email protected]", "country": "de", ...}
metaData: "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
onFinish: (identityAccessKey) => {
console.log(identityAccessKey)
// Open new window for end user to prevent duplicate verifications
window.location.href =("https://passbase.com/")
}
})
</script>
import React from 'react';
import VerifyButton from "@passbase/button/react";
function App() {
const referenceUserWithKey = (key) => {
console.log(key)
// Make request to your backend/db and save the key to the user's profile
}
return (
<div className="App">
<VerifyButton
apiKey={"YOUR_PUBLISHABLE_API_KEY"}
onSubmitted={(identityAccessKey) => {
referenceUserWithKey(identityAccessKey)
}}
onFinish={(identityAccessKey) => {
// Open new window for end user to prevent duplicate verifications
window.location.href =("https://passbase.com/")
}}
onError={(errorCode) => {}}
onStart={() => {}}
prefillAttributes={{
email: "[email protected]"
}}
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
metaData={{
"AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
}}
/>
</div>
);
}
const onSubmit = (identityAccessKey) => {
console.log(identityAccessKey)
// Make a request to your backend/db and save the key to your user's profile
}
Passbase.renderButton(
this.passbaseButton.nativeElement,
"YOUR_API_KEY",
{
onSubmitted: (identityAccessKey) => {},
onFinish: (identityAccessKey) => {
// Open new window for end user to prevent duplicate verifications
window.location.href =("https://passbase.com/")
},
prefillAttributes: {
email: "[email protected]",
country: "de"
},
// Signed and Armored Metadata, which contain {"email": "[email protected]", "country": "de", ...}
metaData: {
"AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
}
}
)
import Passbase
import UIKit
class ViewController: UIViewController {
override func viewDidLoad() {
super.viewDidLoad()
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
PassbaseSDK.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
let button = PassbaseButton(frame: CGRect(x: 40, y: 90, width: 300, height: 60))
self.view.addSubview(button)
}
}
package com.passbase.androiddemoapp
import androidx.appcompat.app.AppCompatActivity
import android.os.Bundle
// 1. Add import of Passbase SDK and the Passbase Button to the top
import com.passbase.passbase_sdk.PassbaseSDK
import com.passbase.passbase_sdk.PassbaseButton
class MainActivity : AppCompatActivity() {
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
setContentView(R.layout.activity_main)
val passbaseRef = PassbaseSDK(this)
passbaseRef.initialize("YOUR_PUBLISBALE_API_KEY")
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
passbaseRef.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
}
package com.passbase.androiddemoapp;
import androidx.appcompat.app.AppCompatActivity;
import android.os.Bundle;
// 1. Add import of Passbase SDK and the Passbase Button to the top
import com.passbase.passbase_sdk.Passbase;
import com.passbase.passbase_sdk.PassbaseButton;
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
PassbaseSDK passbaseRef = new PassbaseSDK(this);
passbaseRef.initialize("YOUR_PUBLISHABLE_API_KEY");
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
passbaseRef.setMetaData("AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD");
}
}
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
PassbaseSDK.setMetaData("AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD")
import 'package:passbase_flutter/passbase_flutter.dart';
...
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
PassbaseSDK.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
...
Feature available from Web SDK version
3.3.1 and Mobile SDK version 2.4.0After a user completes a verification and you receive the
VERIFICATION_REVIEWED webhook event, it is time to call the Passbase Get Identity endpoint. Using this API endpoint, you will see the new metaData object returned.If the public encryption key is not added to the developer dashboard, you will not see the metaData information returned on the API.
{
id: "1234-1234-1234-1234",
resources: [...],
metadata: { internal_customer_id: "XYZ" }
}
Last modified 10mo ago