The iframe API supports functionality for both public keys and derived keys. You can determine key type from the login response by checking for derivedPublicKeyBase58Check.
The sign message is responsible for signing transaction hexes. If approval is required, an application must call the endpoint in the Window API to sign the transaction.
Payload for public keys

| Name | Type | Description |
|---|---|---|
| transactionHex | string | Hex of the transaction you want to sign. |
Payload for derived keys

| Name | Type | Description |
|---|---|---|
| transactionHex | string | Hex of the transaction you want to sign. |
| derivedPublicKeyBase58Check | string | Only required if logged in user is using a derived key to sign on behalf of an owner public key. |

| Name | Type | Description |
|---|---|---|
| recipientPublicKey | string | Public key of the recipient in base58check format. |
| message | string | Message text that you want to encrypt. |
Payload for derived keys

Only required if logged in user is using a derived key to sign on behalf of an owner public key.

| Name | Type | Description |
|---|---|---|
| recipientPublicKey | string | Public key of the recipient in base58check format. |
| message | string | Message text that you want to encrypt. |
| encryptedMessagingKeyRandomness | string | This value is used in place of the encryptedSeedHex when encrypting the message. |
| derivedPublicKeyBase58Check | string | Public key requesting encryption in base58check format. |
| ownerPublicKeyBase58Check | string | Public key used only for validation. |
Request
```javascript
{
  id: '21e02080-0ef4-4056-a319-a66403f33768',
  service: 'identity',
  method: 'encrypt',
  payload: {
    accessLevel: 3,
    accessLevelHmac: "0fab13f4...",
    encryptedSeedHex: "0fab13f4...",
    recipientPublicKey: "BC1YLgwkd7iADbrSgryTfXhMEcsF76cXDaWog4aDzoTunDb2DcZ3myZ",
    message: "This is a message",
    derivedPublicKeyBase58Check: "BC1YLsond7iADbrSgryTfXhMEcsF76cXDaWog4aDzoTunDb2DcZ3myZ",
    ownerPublicKeyBase58Check: "BC1YLdadd7iADbrSgryTfXhMEcsF76cXDaWog4aDzoTunDb2DcZ3myZ",
    encryptedMessagingKeyRandomness: "837fab39...",
  },
}
```
Response for Derived keys (Encrypted Messaging Key Randomness Required)
You will get this response if the request includes a derivedPublicKeyBase58Check and does not include both ownerPublicKeyBase58Check and encryptedMessagingKeyRandomness.
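A pre-flight check for the condition above, as an added example (not DeSo's own code): it builds the encrypt message and refuses to produce a derived-key request that lacks `ownerPublicKeyBase58Check` or `encryptedMessagingKeyRandomness`. The function names and the shape of the `user` object are assumptions; the message and payload field names are the ones documented on this page.

```javascript
// Added example. `user` is assumed to be one entry of the login response.

// Key type is decided by the presence of derivedPublicKeyBase58Check.
function keyType(user) {
  return user.derivedPublicKeyBase58Check ? 'derived' : 'public';
}

// Returns the fields a derived-key encrypt request is still missing.
// A non-empty result means the request would be answered with the
// "Encrypted Messaging Key Randomness Required" response.
function missingDerivedFields(user) {
  if (keyType(user) !== 'derived') return [];
  return ['ownerPublicKeyBase58Check', 'encryptedMessagingKeyRandomness']
    .filter((name) => typeof user[name] !== 'string' || user[name] === '');
}

// Builds the encrypt message. `id` is a caller-supplied unique request id
// (for example crypto.randomUUID() in the browser).
function buildEncryptRequest(id, user, recipientPublicKey, message) {
  const missing = missingDerivedFields(user);
  if (missing.length > 0) {
    throw new Error('derived key request is missing: ' + missing.join(', '));
  }
  const payload = {
    accessLevel: user.accessLevel,
    accessLevelHmac: user.accessLevelHmac,
    encryptedSeedHex: user.encryptedSeedHex,
    recipientPublicKey,
    message,
  };
  if (keyType(user) === 'derived') {
    // Derived keys carry the three extra fields from the payload table.
    payload.derivedPublicKeyBase58Check = user.derivedPublicKeyBase58Check;
    payload.ownerPublicKeyBase58Check = user.ownerPublicKeyBase58Check;
    payload.encryptedMessagingKeyRandomness = user.encryptedMessagingKeyRandomness;
  }
  return { id, service: 'identity', method: 'encrypt', payload };
}

// Constructed sample users (placeholder values, not real keys).
const ownerUser = { accessLevel: 3, accessLevelHmac: 'hmac-placeholder', encryptedSeedHex: 'seed-placeholder' };
const derivedUser = { ...ownerUser, derivedPublicKeyBase58Check: 'BC1Y-derived-placeholder' };
```
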
The decrypt API is responsible for decrypting messages.
The decrypt API allows you to decrypt multiple messages at once by passing an array of encryptedMessage objects.
The decrypt API is intended to be constructed right after calling the /api/v0/get-messages-stateless backend API endpoint, and so the structure of encryptedMessage matches the structure of the response from the backend.
We recommend tracing through the GetMessages() function in the DeSo Protocol frontend's src/app/backend-api.service.ts.
Assuming message is taken from OrderedContactsWithMessages.Messages from the backend API response, encryptedMessage can be constructed as follows:
You will get this response if the request includes a derivedPublicKeyBase58Check and does not include both ownerPublicKeyBase58Check and encryptedMessagingKeyRandomness.
Response contains a decryptedHexes field which is a map of decrypted messages, indexed by EncryptedHex from the request.
```javascript
{
  id: '21e02080-0ef4-4056-a319-a66403f33768',
  service: 'identity',
  payload: {
    decryptedHexes: {
      "0f154bcad...": "hello world",
      "0afa44bcd...": "in retrospect it was inevitable",
    }
  },
}
```
jwt
AccessLevel: 2
The jwt message creates signed JWT tokens that can be used to verify a user's ownership of a specific public key.
The JWT is only valid for 10 minutes.
JWTs are used in some Backend API endpoints such as /api/v0/upload-image. The best practice is to request the JWT right before calling these endpoints.