Signing transactions
The PingOne Recognize Web SDK can digitally sign transaction data when PingOne Recognize authentication or enrollment actions succeed.
The signed transaction is a JSON web token (JWT) that the server can verify, which ensures:
-
That PingOne Recognize completed the original operation.
-
The transaction data is intact.
Headless integration
To sign transaction data without using a user interface, start with one of the baseline integrations:
-
For authentication, use Headless authentication integration.
-
For enrollment, use Headless enrollment integration.
Next, include the transaction data payload when using openKeylessWebSocketConnection to open a web socket:
await openKeylessWebSocketConnection(sym, {
...,
transaction: {
data: TRANSACTION_DATA
}
})Finally, add an event listener to the finished event of your web socket:
addKeylessEventListener(sym, 'finished', (event) => {
// will log the transaction JWT
console.log(event.data.transactionJWT)
})Web component integration
To sign transaction data using web components, start with a baseline integration:
-
For authentication, use a Web component authentication integration.
-
For enrollment, use a Web component enrollment integration.
Next, add a transaction-data attribute to your web component:
<kl-auth-or-enroll
...
transaction-data="TRANSACTION_DATA"
></kl-auth-or-enroll>Finally, add an event listener to the finished event of your web component:
auth_or_enroll.addEventListener('finished', (event) => {
// will log the transaction JWT
console.log(event.detail.transactionJWT)
})Verifying the transaction
There are two ways to verify the transaction data:
-
Use
GET /v2/verify-jwt/public-keyto retrieve and import the customer public key. Then, use the responseresultto verify the transaction data. -
Use
POST /v2/verify-jwtto send the transaction data in the request body and then check the result.
Run these tasks on the backend server to avoid leaking keys or other sensitive data.