We need more data on chain that we can trust.
There is no way to know if an API actually returned a certain data when it was hit - as claimed by a person/contract.
Response header with signature
Simple fix is to include 2 headers in every REST response of an API.
- MD5 hash of the response data
- A signature that signs the above hash
- If not private response, upload to IPFS and include IPFS hash
MD5 : <md5sum>
Web3Signature : <v,r,s>
IPFS : <ipfs hash>
A middleware
Should be able to use the middleware in express.
web3api.configure(env.privateKey)
app.use(web3api)
// in routes
res.send(data, { private : IS_PRIVATE_RESPONSE })
It must be published to npm, open source the code on github
A smart contract
A resolver contract, that takes the IPFS hash and returns the data, md5 and signature
//web3api.sol
resolve(string ipfs_hash) public returns(uint request_id)
resolve_callback(string request_id, bytes data, string md5, bytes signature) external
Bounty
If you’re looking to build this this weekend - happy to support you with a small bounty of 1 Eth. This shouldn’t take too long :)
This is likely will lead to enabling more off-chain data coming on-chain. When we have more data on chain from the offline world, more interesting contracts can be written.