On Subscribe

Validates a subscriber Overview In this API the Registry generates a random string, encrypts it with the subscriber’s encryption public key and sends it to the subscriber’s callback URL. The subscriber then decrypts the string

Lookup

Look up subscriber(s) in a registry Overview The network participant will trigger the subscribe call to the registry to register its public key. Request URL /lookup Method POST Request Body Schema Field Type description subscriber_id

Subscribe

Subscribe to a network Overview The network participant will trigger the subscribe call to the registry to register its public key. Request URL /subscribe Method POST Request Body Schema Field Type description subscriber_id string A

Subscriber Signing

The BAP and BPP subscriber is expected to send an Authorization header (as defined in RFC 7235, Section 4.1) where the “auth-scheme” is “Signature” and the “auth-param” parameters meet the requirements listed in Section 2

Signature Verification

BPP/BAP verifies BG signature The BPP/BAP performs the following steps to authenticate the BAP/BPP and the BG and also ensure message integrity. Get keyId from the Proxy-Authorization header Split the keyID string using the delimiter

Gateway Signing

The BG will send its signature in the Proxy-Authorization header in the exact same format as shown below. Proxy-Authorization:Signature keyId="{subscriber_id}|{unique_key_id}|{algorithm}" algorithm="xed25519" created="1606970629" expires="1607030629" headers="(created) (expires) digest" signature="Base64(BLAKE-512(signing string))"