Signing Transactions

Web SDK supports sending a payload, called transaction data, that will be signed by the server when either authentication or enrollment succeed.

The signed transaction is a JWT and can be verified server-side to ensure that the operation was really completed on our servers, and that the signed transaction data matches with what is expected.

Headless Integration

Please base the integration code from the following guides:

• Enrollment Headless Integration

• Authentication Headless Integration

The transaction data must be sent during the connect call:

await auth_or_enroll.connect({
  ...,
  transaction: {
    data: TRANSACTION_DATA
  }
})

The transaction JWT can be retrieved inside the finished event:

auth_or_enroll.on('finished', (event) => {
  // will log the transaction JWT
  console.log(event.data.transactionJwt)
})

Web Component Integration

Please base the integration code from the following guides:

• Enrollment Web Component Integration

• Authentication Web Component Integration

The transaction data can be set through the transaction-data attribute:

<kl-auth-or-enroll
  ...
  transaction-data="TRANSACTION_DATA"
></kl-auth-or-enroll>

The transaction JWT can be retrieved inside the finished event:

auth_or_enroll.addEventListener('finished', (event) => {
  // will log the transaction JWT
  console.log(event.detail.transactionJWT)
})

Verifying the Transaction JWT

There are two options to verify the transaction JWT:

• Retrieve the customer public key using this API: https://docs.keyless.io/consumer/server-api/operations#verify-jwt Then import the public key and finally verify the JWT.

• Verify the JWT with this API: https://docs.keyless.io/consumer/server-api/operations#verify-jwt

Please note - both operations should be executed backend-to-backend for security purposes, ensuring no keys are leaked.