✨Works out of the box guarantee. If you face any issue at all, hit us up on Telegram and we will write the integration for you.

Sign Proof Requests

Sign Proof Requests

The user should know that the proof is being requested by you and not a phishing website. In order to do that, we require all the proof requests to be signed before the user is asked to generate the proofs.

Because of security concerns it is not safe to have the APP_SECRET on the front-end. If it is on the frontend, any malicious user can extract the APP_SECRET and build a phishing website to emulate you.

Setup a backend endpoint

So, to sign the proof requests, we recommend you setting up a backend endpoint. This endpoint must take the provider id, authenticate the user, and respond with a signed URI for the user to open.

import { Reclaim } from '@reclaimprotocol/js-sdk'
router.post('/sign', async function (req, res) {
  const { providerId } = req.body
  const reclaimClient = new Reclaim.ProofRequest(APP_ID) //TODO: Update APP_ID with your app id
  await reclaimClient.buildProofRequest(providerId)
    await reclaimClient.generateSignature(
      APP_SECRET //TODO : Update APP_SECRET with your app secret
  const { requestUrl: signedUrl } =
    await reclaimClient.createVerificationRequest()

Note that in case you don't pass a sessionId to the constructor, the SDK will generate a random one for you, but you can also pass it:

  const reclaimClient = new Reclaim.ProofRequest(APP_ID, req.body.sessionId)