Managing Users

Introduction

PrivMX does not provide a user management service. However, each application user has to be granted access to specific resources within the Platform.

For user management, you must provide your own application server that can perform the following tasks:

• Registering new user ID - public key pairs in Context (e.g., during a sign-up process).
• Storing information about user profiles.
• Providing a set of users with whom the user can establish communication (e.g., creating new Thread).

When a user's key pair is generated (which should happen on the user’s device, not the server), only the public key needs to be sent to the application server. The server can then assign the user to the desired Context.

This process ensures secure key management while allowing the application to control user access.

Requirements

To enable communication between the application server and PrivMX, the server needs to use an API Key.

Each generated API key consists of an API_KEY_ID and a secret API_KEY_SECRET. Both need to be stored in environment variables. API key also has an associated access control list, which defines the PrivMX functions it can execute.

If you are using PrivMX Bridge Docker, your first API Key will be provided after the initial PrivMX Bridge setup.

Public Key Registration

For authorization requests to PrivMX Bridge, use your API Key to request an Access Token. Access Tokens have a TTL but can be refreshed using refresh tokens. Here is an example in Node.js:

async function getAccessToken() {
const requestBody = {
  jsonrpc: "2.0",
  id: 128,
  method: "manager/auth",
  params: {
    scope: ["solution:*", "context"],
    grantType: "api_key_credentials",
    apiKeyId: API_KEY_ID,
    apiKeySecret: API_KEY_SECRET,
  },
};
 
const tokenRequest = await fetch(BRIDGE_URL, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify(requestBody),
});
 
const response = await tokenRequest.json();
 
if (tokenRequest.status === 200) {
  return response.result.accessToken;
} else if ("error" in response) {
  throw new Error(`Unable to get access token`);
} else {
  throw new Error(`Unknown error`);
}
}

The Access Token can be used to authorize your request by placing it in the Authorization header. To add a public key to a Context use context/addUserToContext Rpc method.

export async function addUserToContext(userId: string, pubKey: string) {
//using function from earlier
const accessToken = await getAccessToken();
 
const response = await fetch(YOUR_BRIDGE_URL, {
  method: "POST",
  body: JSON.stringify({
    jsonrpc: "2.0",
    id: 128,
    method: "context/addUserToContext",
    params: {
      contextId: CONTEXT_ID,
      userId: USER_ID_ASSOCIATED_WITH_PUBLIC_KEY,
      userPubKey: PUBLIC_KEY,
    },
  }),
  headers: {
    "Content-type": "application/json",
    Authorization: `Bearer ${accessToken}`,
  },
});
}

Your user can now connect to your PrivMX Bridge providing a matching private key to PrivMX Endpoint in your client app. For guidance on how to do this in your app's stack, refer to our language-specific documentation: