MetaData Encryption

This guide helps you set up encryption to receive metaData from Passbase

If you are tracking end users in your backend through an internal UUID, transaction number, stripe ID, etc., you can use the metaData object to securely pass encrypted end user information to identify completed verifications.

The metaData object allows you to pass an encrypted JSON string via a private key encoded in base64 on the client-side, and then Passbase will use your public key to return the data on the Passbase API.

Generate Encryption Keys

Create your private key by running the following terminal command:

openssl genrsa -out ~/passbase-test-private-key.pem 4096

Generate the public key associated to the private key by running the following terminal command. Copy the content of ~/passbase-test-public-key.pub into your clipboard.

openssl rsa -in ~/passbase-test-private-key.pem -out ~/passbase-test-public-key.pub -pubout

Add Public Encryption Key to your Project

Enter the public encryption key copied from your clipboard within the developer dashboard for each individual project.

Encrypt Data in Backend

The metaData object requires an encrypted JSON string via the private key encoded in base64. Below are examples of how to create an encrypted JSON string in your backend.

JavaScript
Python
Go
Ruby
PHP
JavaScript
const crypto = require("crypto");
const fs = require("fs");
const metadata = {foo: "bar"};
const pkey = crypto.createPrivateKey({format: 'pem', key: fs.readFileSync("~/passbase-test-private-key.pem")});
const encrypted_metadata = crypto.privateEncrypt(pkey, Buffer.from(JSON.stringify(metadata))).toString('base64');
Python
import base64
import subprocess
import tempfile
metadata = bytearray('{"foo": "bar"}', 'utf-8')
with open("~/passbase-test-private-key.pem", "rb") as f:
p = subprocess.Popen(
"openssl rsautl -sign -inkey " + f.name,
shell=True,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
stdout, stderr = p.communicate(input=metadata)
encrypted_metadata = base64.b64encode(stdout)
Go
rng := rand.Reader
metadata := []byte("{\"foo\": \"bar\"}")
priv, _ := ioutil.ReadFile("~/passbase-test-private-key.pem")
privPem, _ := pem.Decode(priv)
privateKey, _ := x509.ParsePKCS1PrivateKey(privPem.Bytes)
signature, _ := rsa.SignPKCS1v15(rng, privateKey, crypto.Hash(0), metadata[:])
encrypted_metadata := base64.StdEncoding.EncodeToString(signature)
Ruby
metadata = {"foo" => "bar"}
key = OpenSSL::PKey::RSA.new(File.read("~/passbase-test-private-key.pem"))
encrypted_metadata = Base64.encode64(key.private_encrypt(metadata.to_json))
PHP
<?php
$metadata = array("foo" => "bar");
$private_key = openssl_pkey_get_private("file://~/passbase-test-private-key.pem");
$encrypted_metadata_bytes = "";
openssl_private_encrypt(json_encode($metadata), $encrypted_metadata, $private_key);
$encrypted_metadata = base64_encode($encrypted_metadata_bytes);

Pass metaData Object

After encrypting the data in your backend, you will need to pass the private key encoded in base64 to Passbase through the client-side frontend.

Value

metaData

Encrypted JSON string via the private key encoded in base64

HTML + JS
React
Angular
iOS
Kotlin
Java
React Native
Flutter
HTML + JS
<script type="text/javascript">
const element = document.getElementById("passbase-button")
const apiKey = "YOUR_API_KEY"
Passbase.renderButton(element, apiKey, {
{
prefillAttributes: {
country: "de"
}
},
// Signed and Armored Metadata, which contain {"email": "[email protected]", "country": "de", ...}
metaData: "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
onFinish: (identityAccessKey) => {
console.log(identityAccessKey)
// Open new window for end user to prevent duplicate verifications
window.location.href =("https://passbase.com/")
}
})
</script>
React
import React from 'react';
import VerifyButton from "@passbase/button/react";
function App() {
const referenceUserWithKey = (key) => {
console.log(key)
// Make request to your backend/db and save the key to the user's profile
}
return (
<div className="App">
<VerifyButton
apiKey={"YOUR_PUBLISHABLE_API_KEY"}
onSubmitted={(identityAccessKey) => {
referenceUserWithKey(identityAccessKey)
}}
onFinish={(identityAccessKey) => {
// Open new window for end user to prevent duplicate verifications
window.location.href =("https://passbase.com/")
}}
onError={(errorCode) => {}}
onStart={() => {}}
prefillAttributes={{
}}
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
metaData={{
"AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
}}
/>
</div>
);
}
Angular
const onSubmit = (identityAccessKey) => {
console.log(identityAccessKey)
// Make a request to your backend/db and save the key to your user's profile
}
Passbase.renderButton(
this.passbaseButton.nativeElement,
"YOUR_API_KEY",
{
onSubmitted: (identityAccessKey) => {},
onFinish: (identityAccessKey) => {
// Open new window for end user to prevent duplicate verifications
window.location.href =("https://passbase.com/")
},
prefillAttributes: {
country: "de"
},
// Signed and Armored Metadata, which contain {"email": "[email protected]", "country": "de", ...}
metaData: {
"AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
}
}
)
iOS
import Passbase
import UIKit
class ViewController: UIViewController {
override func viewDidLoad() {
super.viewDidLoad()
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
PassbaseSDK.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
let button = PassbaseButton(frame: CGRect(x: 40, y: 90, width: 300, height: 60))
self.view.addSubview(button)
}
}
Kotlin
package com.passbase.androiddemoapp
import androidx.appcompat.app.AppCompatActivity
import android.os.Bundle
// 1. Add import of Passbase SDK and the Passbase Button to the top
import com.passbase.passbase_sdk.PassbaseSDK
import com.passbase.passbase_sdk.PassbaseButton
class MainActivity : AppCompatActivity() {
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
setContentView(R.layout.activity_main)
val passbaseRef = PassbaseSDK(this)
passbaseRef.initialize("YOUR_PUBLISBALE_API_KEY")
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
passbaseRef.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
}
Java
package com.passbase.androiddemoapp;
import androidx.appcompat.app.AppCompatActivity;
import android.os.Bundle;
// 1. Add import of Passbase SDK and the Passbase Button to the top
import com.passbase.passbase_sdk.Passbase;
import com.passbase.passbase_sdk.PassbaseButton;
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
PassbaseSDK passbaseRef = new PassbaseSDK(this);
passbaseRef.initialize("YOUR_PUBLISHABLE_API_KEY");
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
passbaseRef.setMetaData("AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD");
}
}
React Native
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
PassbaseSDK.setMetaData("AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD")
Flutter
import 'package:passbase_flutter/passbase_flutter.dart';
...
// Signed and Armored Metadata, which contain {internal_customer_id: "XYZ", "email": "[email protected]", "country": "de", ...}
PassbaseSDK.metaData = "AJIZZDIZJADIOAJDOIZJAOIZJDOIAJIODZJIAJDIOZJAIOZDJALANLIKESJIZZOIZDJAOIZJDOZIAJDOIAZJDAZD"
...

Feature available from Web SDK version 3.3.1 and Mobile SDK version 2.4.0

Call Passbase API

After a user completes a verification and you receive the VERIFICATION_REVIEWED webhook event, it is time to call the Passbase Get Identity endpoint. Using this API endpoint, you will see the new metaData object returned.

If the public encryption key is not added to the developer dashboard, you will not see the metaData information returned on the API.

{
id: "1234-1234-1234-1234",
resources: [...],
metadata: { internal_customer_id: "XYZ" }
}