Trustee
Last updated
Last updated
GET /data-requests
Retrieve the latest block headers. If at least one data request is present in a block, the block data is also returned. The notion of "latest" is determined by the query parameter oldBlockHeight and the ledger's current height. Trustees use this endpoint to get the latest relevant blocks, extract the data requests in them, and respond to the data requests accordingly.
Using the block data, one can compute the data hash and verify consistency of the block header. In addition, using the block headers, one can verify the blocks are chained.
| Name | In | Type | Required | Description |
|---|---|---|---|---|
Example
GET /data-requests?oldBlockHeight=1
| Status | Meaning | Description | Schema |
|---|---|---|---|
Successfully retrieved the blocks and block data which contain data requests.
Schema
Example
Request is malformed. Make sure:
oldBlockHeight is present in query parameter
oldBlockHeight is a non-negative number
oldBlockHeight is an integer
oldBlockHeight is valid - no larger than the current block height of the ledger
Example 1
Example 2
API key is missing or incorrect.
Example
EncryptionGET /encryptions/{token-hash}/encrypted-trustee-shares/{trustee-id}
Retrieves a encrypted trustee share from an Encryption. After detecting a new data request, a trustee should use this endpoint to get its encrypted share from the corresponding Encryption, decrypt it with its decryption key, then post the result with postTrusteeResponse.
Example
GET /encryptions/d033713dd14552c060c55746afdb989cfee8e624ae94a932d79fd25630f728a4/encrypted-trustee-shares/trustee1
Successfully retrieved the encrypted trustee share.
Schema
Example
Trustee does not exist or does not reference this PAD instance.
Example
API key is missing or incorrect.
Example
The encryption does not exist.
Example
POST /data-requests/{token}/trustee-responses
Posts a trustee response to the ledger.
After retrieving and finish decrypting its share, the trustee needs to post the result back to the ledger so that eventually, the decryptor can decrypt a secret.
Example
POST /data-requests/e3b0c44298fc1c149afbf4c8996fb924/trustee-responses
The trustee response is successfully posted.
Example
Request is invalid. Make sure that :
padName in TrusteeResponse is consistent with the PAD instance to which the API key is pointing
token in path and TrusteeResponse are consistent
trusteeId in TrusteeResponse and signature are consistent
role is Trustee in signature
signature in signature is consistent with the payload TrusteeResponse
Example 1
example 2
example 3
Api key is missing or invalid.
Example
The trustee is not part of the instance. Recall that the list of trustees is determined by the Operator at instance creation time.
Example
The server cannot find a data request pointed by the token in the path parameter.
Example
A response from the same trustee has been made for the same data request before.
Example
PUT /trustee-attestations/{trustee-id}
Trustee posts its view of the ledger* with a digital signature. This allows other users to convince themselves that they are seeing the same ledger as trustees, who are the ones handling the data requests. Trustees should attest to the ledger regularly even there is no update on the ledger.
*The ledger view of the trustee includes the ID/name of the PAD instance, the height of the ledger, the current block hash of the ledger and a timestamp when the trustee construct the attestation.
Example
PUT /trustee-attestations/trustee1
Successfully posted trustee attestation.
Example
Request is malformed. Check that:
Trustee IDs in attestation and path parameter are consistent.
padName in attestation is consistent with the PAD instance to which the API key is pointing
The signature is correct
The attestation is correct, in the sense that:
The block height is non-negative and at most even with the ledger
currentHash is the block hash at height
Example 1
Example 2
Example 3
Api key is missing or invalid.
Example
The trustee is not part of the instance. Recall that the list of trustees is determined by the Operator at instance creation time.
Example
Example
ID of a block. It is an incremental index starting from 0. For example, if a ledger has height 10, then it has blocks 0, 1, ..., 9. The next block has block number 10.
Blocks are put sequentially as a blockchain to form a ledger. It consists of the header (which contains the chaining information) and optionally the data (from which data requests and trustee and validator responses can be extracted).
Example 1
Example 2
Block header contains metadata of a block. They are sufficient to prove the blocks form a chain without the need of block data, because the previousHash field in the schema refers to the hash of the previous block header, instead of the entire previous block. Thus, if the block data is irrelevant (for example not containing any data request when one is asking for them), it can be skipped.
If the block number is 0, the number and previousHash fields are empty. dataHash is computed with the same block's data. Refer to code samples on how to compute hash of a block header.
Example 1
Example 2
Block data contains "transactions". In PAD, these are the data requests and trustee and validator responses. See code samples to see how block data are decoded.
Example
A base64-encoded binary data.
Example
A Sha256 hash value as a hexidecimal string.
Example
ID of a trustee. It contains only alphanumerical characters, underscores (_) and dashes (-). It has length inclusively between 3 and 30.
Example
A 128-bit random string kept secret between the encryptor and decryptor after encryption stage and before data request stage. It identifies a data request. Its hash value identifies an encryption. The decryptor posts it on the ledger at data request stage.
Example
ID of a PAD instance. Its length must be inclusively between 4 and 30. It should contains only lowercase letters, digits, periods (.) or dashes (-). It must start with a lowercase letter.
It is seldom used as a request parameter because the API key in the request already identifies a PAD instance.
Example
A trustee response to a data request. It contains the decrypted trustee share for the decryptor to perform a full decryption on a secret. It also consists of metadata for identifying the corresponding data request.
Example
A trustee response attached with a digital signature for everyone to validate the response's integrity.
Note that the trustee response is represented as a string (instead of an object). This ensures that there is a unified way to verify the signature.
Example
Metadata of a participant in PAD. It can currently be used to describe a trustee or a validator.
Example
A digital signature. It consists of the metadata of the signer, including its ID, and the signature payload encoded in base64.
Schema
A timestamp in ISO 8601 format.
Example
A succinct representation of the ledger, which consists of the PAD instance name, the height and the then block hash of its ledger, and the timestamp when this digest is generated.
Example
A trustee's succinct view of the ledger, along with a digital signature of it. The succinct view consists of the PAD instance ID, height and latest block hash of its ledger, and the latest timestamp when the attestation is created.
A collection of trustee attestations proves to a user that she and the trustees are seeing the same ledger.
Note that the ledger digest is represented as a string (instead of an object). This ensures that there is a unified way to verify the signature.
Example
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Status | Meaning | Description | Schema |
|---|---|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Status | Meaning | Description | Schema |
|---|---|---|---|
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Status | Meaning | Description | Schema |
|---|---|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Type | Restrictions |
|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Type | Restrictions |
|---|---|
| Type | Restrictions |
|---|---|
| Type | Restrictions |
|---|---|
| Type | Restrictions |
|---|---|
| Type | Restrictions |
|---|---|
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| Property | Value |
|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Property | Value |
|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Type | Restrictions |
|---|---|
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
oldBlockHeight
query
integer
true
Number of blocks the trustee has already processed
200
Succeeded
Inline
400
Bad Request
Request is invalid
401
API key is missing or invalid
ok
boolean
true
none
none
blocks
dict<BlockNumber, Block>
true
none
none
token-hash
path
true
Hash value of the token
trustee-id
path
true
Trustee's ID
200
Succeeded
Inline
400
Bad Request
Request is invalid
401
API key is missing or invalid
404
Not Found
Encryption not found
ok
boolean
true
none
encryptedTrusteeShare
true
The encrypted trustee share
token
path
true
ID of the data request
-
body
true
The decrypted share, along with a digital signature of the trustee and some metadata
200
Succeeded
400
Bad Request
Data request and trustee response are inconsistent
401
API key is missing or invalid
403
Forbidden
Trustee is not in the instance
404
Not found
Data request not found
409
Conflict
Response has been made before
trustee-id
path
true
ID of the trustee
-
body
true
The decrypted share, along with a digital signature of the trustee and some metadata
200
Succeeded
400
Bad Request
Data request and trustee response are inconsistent
401
API key is missing or invalid
403
Forbidden
Trustee is not in the instance
ok
boolean
true
The request is successful or not
message
string
true
none
integer
Non-negative
header
true
none
data
false
none
number
false
Block number of the current block
previousHash
false
Hash of the previous block's header
dataHash
true
Hash of this block's data
data
array<Base64>
true
none
string
none
string
/[0-9a-fA-F]{64}/
string
[a-zA-Z0-9-_]{3,30}
string
/[0-9a-fA-Z]{32}/
string
/[a-z][a-z0-9.-]{3,29}/
padName
true
none
The instance where the data request is posted
token
true
none
The ID of the data request
trusteeShare
true
none
The decrypted trustee share
type
enum
true
none
Type of response
trusteeId
true
none
ID of the responding trustee
type
"trustee_response"
trusteeResponse
string<TrusteeResponse>
true
none
signature
true
none
id
true
/[0-9a-zA-Z-_]{3,30}/
fullName
string
true
/Trustee-[0-9a-zA-Z_]+/ or /Validator-[0-9a-zA-Z_]+/
role
enum
true
none
role
Trustee
role
Validator
role
Server
signerMetadata
false
none
payload
false
none
string
-
ledgerId
true
none
The PAD instance's name
height
true
none
Block height of the ledger
currentHash
true
none
Hash of the block at height on the ledger
timestamp
true
none
Time at which this digest is generated
ledgerDigest
string<LedgerDigest>
true
none
A succinct representation of the ledger
signature
true
none
A digital signature against ledgerDigest