Mesh API
Mesh API is a multitenant REST API that uses Sign In With Ethereum (SiWe) to authenticate its user accounts. The API provides a turn-key solution for onboarding and managing user accounts in your application ecosystem the Web3 way.
- Admin - The Admin APIs allow admins to operate over user-level master data.
- Profile - Create, update, delete, and list Profiles and Profile details. Admins can create new profiles, also known as user accounts, while users can log in to the system and update their own profile. Admins can promote profiles to Admin or Tenant Admin, while Tenant Admins can only promote a user account from within the Tenant that they also belong to.
- Tenants - Create, update, delete, and list Tenants. Tenants are the highest level of logical ordering for user accounts. Admins have the ability to create new Tenants on the system, promote users to become Tenant Admins, and generally move users into and out of Tenants. The default Tenant assignment for all users who successfully log in without a secret invite code is "Public". Accepting an invite code created by a Tenant Admin will result in your user landing in the Tenant associated with that registration event.
- Groups - Create, update, delete, and list Groups. Groups are the next logical ordering of user accounts and exist within Tenants. Groups are created and populated with user accounts by Admins or Tenant Admins. Alternatively, user accounts can opt to join Groups that also exist in the Tenant that they belong to. User accounts can belong to as many Groups as are available in their Tenant and can only be assigned Groups by Admins or Tenant Admins.
- Roles - Create, update, delete, and list Roles. Role management is Admin-only functionality for operating over Role master data. There are currently only Admin, Tenant Admin, User, Developer, and Service Account roles, and it is best practice not to alter these records, as the API knows how to handle these Roles. (Note that new Roles can be added and used in the Enforcer.)
- API Keys - Create, update, delete, and list API Keys. API Keys can be created and used as an alternative authentication approach to SiWe (see Enforcer section). This is helpful for Service Account or Developer roles, where the account may be operated by a program, bot, or script and the client may not have Web3 signing capabilities.
- Enforcer - The Enforcer API provisions access controls over user accounts and handles the overall security of the REST API.
- Authentication - Mesh API uses the SiWe authentication pattern for creating user sessions. Successfully logging into the Enforcer requires a user account to request a random challenge from the API, sign and submit that challenge back to the API, and lastly bear the JWT token that represents the user account's session for all subsequent API calls. Valid user accounts can create API Keys.
- Authorization - Authentication determines if a user account can create an active session on the API, while authorization describes what the user account can do once a session is active. The Enforcer exposes a validation API to test authorization rules given a user account. There is detailed documentation deeper in the Read Me to discuss how user metadata can be used in the Enforcer's context to make complex and critical decisions.
- Policy Customization - The Enforcer is pre-loaded with a growing library of useful policies; however, you may contact your Mesh Administrator to add new or customize existing policies for your use case.
- Identity Verification - Mesh API offers a best-in-class identity verification service integrated with any user account's Web3 wallet. Today, we support only paying on-chain, but will soon support paying by credit card. Contact your Mesh API administrator for acquiring bulk verifications or for sponsoring verifications.
- Key Value - General purpose key-value API where users can create, update, and delete Key Spaces. Key Spaces are a logical ordering of key-value pairs, and the API allows user accounts to associate arbitrary values to keys on these Key Spaces. There is an optional backend argument that can be used to reference data being stored on Storj (S3), Redis, or Space and Time.
- Key Spaces - Logical groupings of key-value pairs
- Key Value - Get and set arbitrary values to keys
- Object Store - General purpose File storage and File sharing API. User accounts can upload, download, move, copy, and share files in their buckets. Buckets are the highest level of ordering for S3-compliant interfaces, followed by directories and the file itself (s3://bucket/dir/file.txt).
- Standard Encryption - The standard Object Store API allows users to operate on files and file metadata over their personal S3 bucket; however, the encryption key and secret passphrase are managed server-side.
- End-to-End Encrypted - The API also serves the same file endpoints where the File owner has the ability to generate Access Grants using secret phrases to guarantee that the file cannot be decrypted by anyone other than the bearer of that passphrase.
- Access Grant - The Access Grant acts as a pointer to a File on the underlying storage network. User accounts can therefore share files that they own by generating Access Grants for particular operations (read, write) and giving that Access Grant to a user for a particular operation. Note that all end-to-end encrypted API operations require the Access Grant parameter to be used.
- Sharing Intents - The Sharing Intents API is used to securely transfer shareable artifacts like Access Grants. The API allows user accounts to create, update, delete, and list sharing intents for and against their account. Typical usage would be that user account A uploads a file to their bucket and then generates an Access Grant to download that file. User A wants to share that File with user B, so user A adds the Access Grant to the Sharing Intents API with user B's account address as the recipient. User B can query the API for sharing intents (intents to share a resource with their account) and will find the Access Grant conveniently attached to the resource sharing intent reference.
- Real World Asset - The RWA API offers a suite of APIs for curating tokens.
- Virtual NFT - Dynamic NFT metadata hosting alternative to IPFS static hosting. IPFS and traditional object storage offer only a rigid way to store NFT metadata. The vNFT API offers an administrative interface for token owners to publish changes to their token's metadata, allowing them to create live, dynamic NFT experiences.
- Attestations - Token attestations for Chainlink's Proof of Reserve and other on-chain reserve activities. Attestations are amounts and/or measurements mapped to individual token identifiers on a blockchain.
- Smart Contracts - Metadata for tracking known smart contracts.
- Verification Sessions - Instruxi offers premium smart contracts integrated with Chainlink Functions and Proof of Reserve that can cryptographically guarantee KYC on your investors' wallets at the time of purchase.
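
The challenge, sign, and JWT login flow from the Authentication item above, sketched server-side as an added example (not Mesh API's own code). The function names, the HS256 token format, the 5-minute challenge lifetime, the 15-minute session, and the `recover_signer` callable (a hypothetical stand-in for secp256k1 signer recovery) are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

JWT_SECRET = secrets.token_bytes(32)  # assumption: HS256-signed session tokens
CHALLENGE_TTL = 300                   # assumption: a challenge lives 5 minutes
_pending = {}                         # address -> (nonce, expiry)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(JWT_SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_challenge(address, now=None):
    """Step 1: return a fresh random challenge bound to the wallet address."""
    nonce = secrets.token_hex(16)
    _pending[address.lower()] = (nonce, (now or time.time()) + CHALLENGE_TTL)
    return nonce

def login(address, nonce, signature, recover_signer, now=None):
    """Steps 2-3: check the signed challenge, then return a session JWT or None."""
    now = now or time.time()
    expected, expiry = _pending.pop(address.lower(), (None, 0))  # pop: single use
    if expected is None or now > expiry:
        return None
    if not hmac.compare_digest(expected.encode(), str(nonce).encode()):
        return None
    # recover_signer: hypothetical callable standing in for secp256k1 recovery
    if recover_signer(nonce, signature).lower() != address.lower():
        return None
    claims = {"sub": address.lower(), "iat": int(now), "exp": int(now) + 900}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def verify_jwt(token, now=None):
    """Return the session's address for a valid, unexpired token, else None."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{head}.{body}").encode(), sig.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, AttributeError):
        return None
    return claims["sub"] if (now or time.time()) < claims["exp"] else None
```

Popping the challenge before any check means a replayed or failed submission cannot reuse it, and the token's signature is always checked as HS256 regardless of what its header claims.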