Keyri can be incorporated into any backend framework. The examples below show vanilla JS and Node.js specifically, but the basic cryptographic and API endpoint creation principles can be applied in other backend environments.
We recommend integrating Keyri as a module in your existing authentication server.
You need to generate a public and private key pair (RSA) for asymmetric encryption, which ensures that no one except you can access sensitive data. The key pair must be unique and must remain static over the lifetime of your project. The publicKey is hardcoded on the mobile side to initialize the Keyri SDK, and everything passed from your mobile app to your server is encrypted with this publicKey, so the only way to decrypt that data is with the privateKey associated with it.
We recommend storing the private key in a .env file, similar to how you would handle other kinds of API keys.
Example RSA keys
publicKey: BEqcK01/TCT1T5TV3bzIX+h4SGJ1WSwBemdiWNmOk+jTNW+z2arDr9X7unxFe1p9T/WkXQOqlSfkgEhiC77dh/k=
privateKey: 3TRpzwgQcDXHXZbNM1yd6Pm0OVCNDU35FLjCAqzmAFI=
The decoded cipher looks like this:
This code example shows how you can implement an API method that verifies sessions and returns auth data to the client.
See below for an example of a full implementation of the keyri-api.