We need more data on chain that we can trust.

There is no way to know if an API actually returned a certain data when it was hit - as claimed by a person/contract.

Response header with signature

Simple fix is to include 2 headers in every REST response of an API.

• MD5 hash of the response data
• A signature that signs the above hash
• If not private response, upload to IPFS and include IPFS hash

MD5 : <md5sum>
Web3Signature : <v,r,s>
IPFS : <ipfs hash>

A middleware

Should be able to use the middleware in express.

web3api.configure(env.privateKey)
app.use(web3api)

// in routes
res.send(data, { private : IS_PRIVATE_RESPONSE })

It must be published to npm, open source the code on github

A smart contract

A resolver contract, that takes the IPFS hash and returns the data, md5 and signature

//web3api.sol

resolve(string ipfs_hash) public returns(uint request_id) 

resolve_callback(string request_id, bytes data, string md5, bytes signature) external

Bounty

If you’re looking to build this this weekend - happy to support you with a small bounty of 1 Eth. This shouldn’t take too long :)

This is likely will lead to enabling more off-chain data coming on-chain. When we have more data on chain from the offline world, more interesting contracts can be written.