Sandbox Technical Guide
This page provides technical details about the "Authenticity Verification" sandbox that has been released in "alpha mode" for early adopters and testers.
This sandbox covers the "Authenticity Verification" domain for use-cases such as verification of educational documents, event tickets, medical documents etc. Figure 1.1 below provides a diagrammatic view of a covered use-case.
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​Fig 1.1 - Shows the flow for the "Educational documents" authenticity verification use-case.
​
Please note that this sandbox instance has been released purely for review as well as learning purposes and does not provide any resiliency or deep level of security. As such no sensitive, confidential or production data should be written to it.
​
-
Data storage & recovery – All data will be deleted and will be lost the moment sandbox instance is stopped or terminate.
-
Type of blockchain – This sandbox is built using "Hyperledger Fabric" private blockchain that offers enterprise grade security, scalability & resiliency when deployed with the recommended architecture. This blockchain solution has been used purely for sandbox purposely. In production, Web3fi plans to offer choice of multiple blockchains (e.g. native Ethereum, Polygon, Hyperledger Fabric) for its customers to choose from.
-
Feature-set – The feature-set offered through this sandbox are limited for obvious reasons. Additional functionality and feature-set will be offered with production instance when released (expected Q2, 2023).
​
-
Controls for the sandbox - You can control the sandbox instance through the control-panel provided in the sandbox dashboard (Web3fi website > Sign-in > Main dashboard > Sandbox (side panel)> sandbox control-panel). Once a new sandbox instance has been instantiated through the control-panel, please give it 7-8 mins for the instance to be fully up and configured before making calls to the APIs.
-
Access to the sandbox – Currently only way to access the sandbox is through the APIs that have been exposed. Upcoming section provides the details about respective APIs and the parameters that need to be passed to get relevant responses. An auth-token will be required to call these APIs. This token is available through platform's dashboard control panel "Get auth-token" button (right most button). Tokens are valid for a 24 hour period.
-
Performance of sandbox – As this is a sandbox, main focus has been put on making relevant functionality available. Hence it could take 10-15 seconds for the API call responses to return.
​
-
Components of the sandbox –
a. Block-chain nodes and reviewers – The sandbox instance comes with multiple nodes pre-built to review and write transactions into blocks​
​
b. Smart-contract – Smart-contract with relevant functions and automation has already been tested and enabled on the block-chain. In the sandbox, this smart-contract cannot be modified by testers. However, this functionality will be made available in production instance
c. Certificate Authority – Sandbox comes with two separate CAs, one for each entity, mimicking real-world scenario
​
d. Entities & wallets – Two entities “minter” part of "org1" and “recipient” part of "org2" have already been registered for the sandbox with respective wallets. Minter is the only entity that can mint the tokens (one at a time) and can choose to transfer these tokens to the recipient. Of course, as these tokens are transferred from minter to recipient, relevant token balance reflects in respective wallets. In the sandbox, no additional entities can be registered as this functionality has been disabled and will be available in production instance. Also in the sandbox, only one token can be minted as a time. In production, this limitation will be removed.
​
​
​
​​
​
Rest of the section provides information on the REST APIs exposed by the sandbox.​​​​​​​​​​​ More APIs will be added to this sandbox by end of April, 2023, so be sure to check them out.
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
Fig 1.2 - Shows the APIs currently available in the sandbox in-context of "Educational documents" authenticity verification use-case
​
​
REST API information:
​
​1)
Resource: mint_token/mint_new_token
Description: API used to mint new tokens (e.g. register educational certificates or event tickets) by the "minter" entity
Method type: POST
URL: https://1f52lyy1ac.execute-api.ap-southeast-1.amazonaws.com/alpha/mint_token/mint_new_token
Auth-token required: yes
Parameters to be passed:
a) ‘token_uri’ : “url where artifact is stored”
b) ‘token_number’ : new token number
​
Example call:
curl -i -X POST -H "Content-Type:application/json" -H "authorization: put-token-here" -d "{\"token_uri\": \"http://example.com/001.jpg\", \"token_number\": 1}" https://1f52lyy1ac.execute-api.ap-southeast-1.amazonaws.com/alpha/mint_token/mint_new_token
​
​​
2)
Resource: mint_token/transfer_token_ownership_by_minter
Description: API used to transfer ownership of existing tokens to "recipient" entity by "minter" entity
Method type: PUT
URL: https://1f52lyy1ac.execute-api.ap-southeast-1.amazonaws.com/alpha/mint_token/transfer_token_ownership_by_ minter
Auth-token required: yes
Parameters to be passed:
a) ‘token_number’ : existing token number
​
Example call:
curl -i -X PUT -H "Content-Type:application/json" -H "authorization: put-token-here" -d "{\"token_number\": 1}" https://1f52lyy1ac.execute-api.ap-southeast-1.amazonaws.com/alpha/mint_token/transfer_token_ownership_by_minter
​
3)
Resource: mint_token/check_minter_token_balance
Description: API used to check token balance for “minter” entity
Method type: GET
Auth-token required: yes
Parameters to be passed: none
​
Example call:
curl -i -X GET -H "Content-Type:application/json" -H "authorization: put-token-here" https://1f52lyy1ac.execute-api.ap-southeast-1.amazonaws.com/alpha/mint_token/check_minter_token_balance
​
4)
Resource: mint_token/check_token_ownership
Description: API used to check token ownership by both "minter", "recipient" or any “3rd party”
Method type: GET
URL: https://1f52lyy1ac.execute-api.ap-southeast-1.amazonaws.com/alpha/mint_token/check_token_ownership
Auth-token required: yes
Parameters to be passed:
a) ‘token_number’ : existing token number
Example call:
curl -i -X GET -H "Content-Type:application/json" -H "authorization: put-token-here" -d "{\"token_number\": 1}" https://1f52lyy1ac.execute-api.ap-southeast-1.amazonaws.com/alpha/mint_token/check_token_ownership
​
5)
Resource: mint_token/check_recipient_token_balance
Description: API used to check token balance by "recipient" entity
Method type: GET
Auth-token required: yes
Parameters to be passed: none
​
Example call:
curl -i -X GET -H "Content-Type:application/json" -H "authorization: put-token-here" https://1f52lyy1ac.execute-api.ap-southeast-1.amazonaws.com/alpha/mint_token/check_recipient_token_balance
​