Lots of things need to be improved, but this is a working example of a validation done by a third-party. The exact protocol needs to be written somewhere (I'll probably write documentation next week), but right now we have this:
assume we have a regular sponsor registered in the gas station, who deposited credits and registered a contract KT1;
examples/main registers to the gas station API at startup with something like
and associates its own URL and public key with the sponsor (and thus, with the contract KT1)
when we send an operation to the gas station, it looks if it needs to get the validation from another API;
the operation is sent to the 2nd API, which accepts it up to two times per user;
When the 2nd API accepts the operation, it returns a signed receipt to the gas station which checks the signature and tells the gas station what to do: post the operation itself with the deposited credits, return the receipt to the user (if the 2nd API posts the operation itself directly) or return an error.
I used JWT and RSA encryption for the signature of the token. Comments? Suggestions?
Lots of things need to be improved, but this is a working example of a validation done by a third-party. The exact protocol needs to be written somewhere (I'll probably write documentation next week), but right now we have this:
examples/mainregisters to the gas station API at startup with something likeand associates its own URL and public key with the sponsor (and thus, with the contract KT1)
I used JWT and RSA encryption for the signature of the token. Comments? Suggestions?