API Documentation for Project Hydro - The Fintech Blockchain
Hydro is the blockchain application of Hydrogen, an API platform that allows developers to build sophisticated fintech apps in minutes. Hydro enables private financial systems to seamlessly leverage the public blockchain. Cloud applications throughout the financial services ecosystem can now benefit from the power of smart contracts, creating more secure, transparent, and low cost financial products globally.
Our first product release is "Raindrop," which allows developers to utilize the blockchain as an authentication mechanism in their applications.
You must register with Hydrogen to become a developer. Once your application has been approved we will provide you an API username and key which are required to make calls to the API.
You must whitelist every user you desire to authenticate with this service. This can be an end user or another developer utilizing your platform/API.
Whitelisted addresses will be stored both on the blockchain and in our private database. Each address is tied directly to your API key.
All authentication requests will have to be sent with this username/key combo and a whitelisted hydroAddressId which is created one time on initial setup using the following process:
1. POST to /whitelist/{address} with your API username/key combo, and the user’s Ethereum/Hydro address.
2. Returns hydroAddressId if the address has been successfully whitelabeled
3. The user must use the hydroAddressId for all subsequent API calls. For security purposes, this id will only be generated one time. Please store it in a safe place such as a database or key file. If the hydroAddressId is lost, the user will need to whitelist a new wallet address and potentially transfer any hydro over.
https://api.hydrogenplatform.com/hydro/v1
After you have been setup in our system it's now time to use our Authentication API called "Raindrop". Authentication is a 3 step process: requesting a challenge, performing the raindrop, and final authentication.
1. POST to /challenge?hydroAddressId={hydroAddressId} with the appropriate hydroAddressId received from initial whitelisting. You must also provide your API username and key in the POST body. This response may take some time, as the challenge must be stored on the Ethereum blockchain.
2. This POST will return a JSON object with amount, challengeString and partnerId. Make sure to store these values as you will need them for the raindrop.
The owner of the Hydro address who performed the challenge must now authenticate on the Hydro Smart Contract, which needs to happen outside of the Hydro API. This can be done in a few ways:
1. Open the Contracts tab and click "Watch Contract"
2. For Contract Address use:
Testnet: 0xEFb8Ba35C4C502EA9035e093F59925C4B5B61482
Mainnet: NOT YET DEPLOYED
3. For Json Interface use:
Testnet: Testnet Gist
Mainnet: NOT YET DEPLOYED
3. Click on the added contract and from the function dropdown on the left select "Authenticate"
-
- For the value put the
amount returned from challenge- For Data put the
challenge returned from challenge- For the partner id put the
partner_id returned from challenge4. Once this is executed the raindrop has been completed. The transaction will fail if any values sent are incorrect.
Web3.js has extensive documentation on how to transact with an Ethereum Smart Contract.
https://github.com/ethereum/wiki/wiki/JavaScript-API
https://web3j.readthedocs.io/en/latest/
**Sample apps will be released soon by the Hydro team for developers to use**
Once the raindrop has been completed and confirmed in the blockchain final authentication can be performed.
1. POST to /authenticate?hydroAddressId={hydroAddressId} with the correct hydroAddressId. You must also provide your username and key in the post body
2. This will return a boolean value, which allows developers to use Hydro Auth as just one factor of a multifactor authentication alongside a token based system such as OAuth or JWT.
-
- If true is returned, the authentication process should continue
- If false is returned, the authentication process should fail