FUTA
Credence

Documentation

Comprehensive guides for using the Credence blockchain certificate verification platform. Learn how to verify certificates, integrate with our API, and deploy your own instance.

System Architecture

The platform is designed on a robust, modular three-tier architecture. This separation ensures that the presentation logic, business rules, and data persistence layers are decoupled, allowing for independent scaling and maintenance.

1. The Client Layer

The client layer serves as the interaction point for all users. It is built using Next.js 14, leveraging the App Router architecture for optimal performance and search engine optimization. This layer handles all user interface rendering, state management, and client-side data fetching. It communicates exclusively with the Application Layer via RESTful APIs. The frontend is responsive and mobile-first, ensuring accessibility across various devices.

2. The Application Layer

This layer acts as the central orchestration point, powered by Node.js and Express.js. It hosts the business logic for the system and manages communication between the client and the underlying data stores. Key responsibilities include:

  • Request Routing: Directing API calls to the appropriate service controllers.
  • Authentication & Authorization: Managing JWT tokens and enforcing Role-Based Access Control.
  • Data Processing: Validating input, computing cryptographic hashes, and orchestrating PDF generation.
  • Blockchain Orchestration: Interacting with the Hyperledger Fabric SDK to submit transactions to the ledger.

3. The Data Layer

The data layer is a hybrid storage solution designed to balance privacy, speed, and immutability.

  • Off-Chain Storage: We utilize PostgreSQL, hosted on Supabase, to store user profiles, sensitive PII, and full certificate metadata. This ensures data privacy and allows for complex querying capabilities that are not native to blockchains.
  • On-Chain Storage: A Hyperledger Fabric permissioned blockchain stores the cryptographic hashes of certificates. This provides an immutable audit trail. By storing only the hash on-chain, we maintain data privacy while guaranteeing that the certificate has not been tampered with since issuance.

Data Flow Protocols

The lifecycle of a credential within the system follows a strict, sequential protocol to ensure data integrity.

Certificate Issuance Flow

  1. 1An Administrator submits a certificate issuance request through the frontend interface.
  2. 2The Application Layer validates the administrator's JWT token and verifies that the input data conforms to the required schema using Zod.
  3. 3The system computes a unique SHA-256 hash of the certificate data.
  4. 4The Application Layer invokes the smart contract on the Hyperledger Fabric network to record this hash.
  5. 5Once the blockchain network reaches consensus and commits the block, a transaction ID is returned.
  6. 6The full certificate details are saved to the PostgreSQL database, linked to the blockchain transaction ID.
  7. 7A PDF certificate with embedded QR codes is generated and stored.
  8. 8A success response is sent to the frontend, updating the administrator's dashboard.

Certificate Verification Flow

  1. 1An Employer scans a QR code or inputs a certificate key.
  2. 2The Application Layer queries the PostgreSQL database to retrieve the certificate metadata.
  3. 3The system calculates the SHA-256 hash of the retrieved data.
  4. 4The Application Layer queries the Hyperledger Fabric ledger to compare the newly calculated hash against the stored hash.
  5. 5If the hashes match, the certificate is deemed valid. If the hash is missing or different, it is flagged as invalid or tampered.

User Roles & Capabilities

The system defines three distinct actors, each with specific privileges and constraints.

University Administrators

  • Identity Verification: Must register using an official @futa.edu.ng email address.
  • Issuance: Capabilities to generate new digital certificates for verified graduates.
  • Revocation: Authority to revoke certificates in cases of errors or academic misconduct. This triggers a transaction on the blockchain to flag the credential as invalid.
  • Batch Operations: Ability to process multiple certificates simultaneously via CSV uploads.
  • Analytics: Access to dashboards showing issuance statistics and verification logs.

Graduates

  • Identity Verification: Must register using their institutional email address.
  • Portfolio: Access to a digital wallet containing all issued credentials.
  • Sharing: Ability to generate verification links and QR codes to share credentials with third parties without revealing sensitive personal data.
  • Download: Capability to download official PDF versions of their certificates.

Employers

  • Open Access: Can register using any valid email address.
  • Verification: Capabilities to verify the authenticity of certificates via QR scan or manual key entry.
  • Reporting: Ability to download official verification reports for HR records.
  • Search: Access to a search directory to verify graduates by name or certificate ID.
  • API Access: Programmatic access to the verification endpoints for integration with internal HR systems.

API Documentation

The system exposes a RESTful API. All endpoints require an active JSON Web Token unless stated otherwise.

Authentication Endpoints

POST/api/v1/auth/registerRegisters a new user
POST/api/v1/auth/loginAuthenticates a user

Certificate Endpoints

POST/api/v1/certificates/issueRestricted to Administrators
POST/api/v1/certificates/verifyPublic access
GET/api/v1/certificates/my-certificatesRestricted to Graduates

Technology Stack In-Depth

Frontend Technologies

  • Next.js 14: A React framework that provides server-side rendering, static site generation, and API routes. We utilized the App Router for a more intuitive file structure and improved data fetching strategies.
  • TypeScript: A strict syntactical superset of JavaScript that adds static typing. This ensures type safety across the entire frontend codebase, reducing runtime errors.
  • Tailwind CSS: A utility-first CSS framework. It allows for rapid UI development without leaving the HTML context, ensuring consistent design and responsiveness.
  • Framer Motion: A production-ready motion library for React. It is used to create smooth, complex animations for page transitions and micro-interactions, enhancing the user experience.
  • React Hook Form & Zod: These libraries work in tandem to manage form state and validation. Zod provides schema validation that integrates seamlessly with TypeScript types, while React Hook Form ensures high performance by minimizing re-renders.

Backend Technologies

  • Node.js & Express.js: The runtime environment and application framework chosen for their non-blocking I/O model, which is ideal for handling concurrent requests typical in a web application.
  • Prisma ORM: A next-generation Object-Relational Mapper. It provides type-safe database access and allows for schema migrations. It acts as the bridge between the Node.js application and the PostgreSQL database.
  • JWT & bcryptjs: Used for securing the application. JWT facilitates stateless authentication, while bcryptjs ensures that user passwords are hashed and salted before storage.
  • Fabric SDK: The official Hyperledger Fabric SDK for Node.js. It allows the backend application to interact with the blockchain network, submit transactions, and query the ledger state.

Blockchain Technologies

  • Hyperledger Fabric 2.5: A permissioned blockchain framework. It was chosen over public blockchains like Ethereum to eliminate transaction fees and ensure data privacy.
  • GoLang: The language used to write the Smart Contracts, or Chaincode. Go was selected for its performance and robust standard library.
  • Docker & Docker Compose: Used to containerize the blockchain network. This ensures that the network runs consistently across different development and production environments.

Infrastructure & DevOps

  • Vercel: The deployment platform for the frontend. It provides continuous deployment from Git, automatic HTTPS, and edge caching for high performance.
  • Supabase: An open-source Firebase alternative. It provides the PostgreSQL database, authentication services, and real-time subscriptions.
  • GitHub Actions: Used for Continuous Integration and Continuous Deployment pipelines. It ensures that code is tested and linted before it is merged into the main branch.

Need More Help?

Check our contributing guide or reach out to the development team for support.