OST Platform Developer Resources: Deploy Brand Tokens Without Writing Any Blockchain Code
OST Platform provides everything you need to test, integrate, and deploy your own Brand Currency on scalable side blockchains. OST Platform APIs, SDKs, and dashboards enable fast and painless integration into any app, without any blockchain expertise — so you can focus on your business and leave the blockchain bits to us.
This post introduces the all new OST Platform Developer Resources
As a developer exploring the OST platform, we hope you enjoy engaging with the technology and interacting with the OST blockchain protocols, contracts, APIs, and SDKs.
At the core of OST is the concept of OST-powered Brand Tokens (BTs). BTs are white-label cryptocurrency tokens running on highly-scalable OST sidechains, supported by staking value tokens (such as the OST Token) on Ethereum mainnet. This enables companies to deploy BTs that function like rewards points, which can be deployed to incentivize and reward users and to drive growth and retention.
You can easily setup your Brand Tokens in the OST Platform SaaS dashboards before turning to the Developer Resources to work on your integration.
OST Platform Overview
OST Platform is a complete technology solution enabling businesses to easily launch blockchain-based economies without requiring blockchain development. Developers can use OST Platform to create, test and launch Brand Tokens backed by value tokens such as the OST Token.
The diagram below illustrates how the different integration components of OST Platform work together and interact with your technology.
OST APIs and Server Side SDKs make it simple and easy for developers to integrate brand tokens into their apps. The SDKs provide various methods and URLs for different services like users, tokens, transactions, wallet services corresponding to an end-user of the economy.
These SDKs are designed so that the server side components can support different approaches. They will be used for server to server interactions and they will be paired with the relevant wallet SDK. They can also be paired with your web application.
OST Wallet SDK enables users to transact with Brand Tokens from within your mobile app, without requiring them to directly manage their private crypto keys. This involves private key management, authorization and recovery services in addition to authentication.
The OST Platform is built on OpenST Protocol. The protocol enables the creation of BTs and allows BT economies to scale to billions of transactions. You can learn more about the OpenST Protocol at Github/OpenST
Using OST Platform SDKs provides a number of advantages
- Simplicity: The SDKs reduce the complexity of integration by handling multiple authentication scenarios automatically, allowing for a more seamless user experience.
- Performance: Caching, key management and nonce management ensure that end-users’ overall experience is smooth.
- Security: Separating the Server Side API interactions from the mobile wallet SDK ensures that private keys are generated and stored securely on the user’s device and not shared across the network.
A number of platform-specific SDKs are available to integrate OST APIs and wallet SDK into your applications. These SDKs provide a safe and secure way to quickly implement a token economy within your app.
The following SDKs are actively maintained and supported:
- PHP for server-side applications
- Ruby for server-side applications
- Node.js for server-side applications
- Java for server-side applications
For wallet integration, we provide mobile wallet SDKs for Android and iOS applications.
The OST Wallet SDKs for Android & iOS: Seamless User Experience Without Compromising on Security
The OST Wallet SDKs enables end-users to comfortably and safely interact with Brand Tokens within existing mass-market mobile apps. Developers can integrate Brand Tokens into any app without encumbering the user experience, and take advantage of OST’s innovative wallet recovery methods.
The OST Wallet SDK supports non-custodial wallets, where users hold the keys and can transact with the Brand Tokens using their mobile devices. The mobile-first approach takes advantage of the security features of modern mobile devices to securely generate the required keys on the user’s mobile device and encrypt them using the secure enclave (on iOS) or keystore (on Android).
The OST Wallet SDK natively supports multi-device access. Thus a user can have independent private keys on different devices, all controlling the same tokenHolder contract. This allows for more modular management of keys and revocation of keys that may have been compromised. These features are used in the OST smart-contract based recovery wherein a user input (which is minimally a 6 digit PIN), an application or client input (which is minimally a 30 character string) and input from OST are combined in a cryptographically secure manner to prove the user’s ownership of the Brand Tokens and authorize a new device.
The user input — assumed to be a 6 digit PIN — is also used to guard access to sensitive operations such as authorizing devices, viewing the mnemonic phrase, etc.
The user can use a 6 digit PIN to authorize a sessionKey. These ephemeral sessionKeys, which remain active for a period of time chosen by the user or developer of the application (based on the implementation) obviate the need for the user to sign every transaction within the application thereby creating a more seamless user experience. Thus, the user can engage with the Brand Token economy without interruption during an authorized session. When a session expires, they may use the 6 digit PIN to authorize a new session.
To further reduce friction, the SDK also supports the use of biometrics for this the second level of authentication of the user i.e a user can use biometrics to authorize a session, request a mnemonic phrase etc.
The intended user experience is that most users will set a 6 digit PIN and then add their biometrics, from that point on all day-to-day usage of the wallet (e.g. spend tokens with the client ) can be done with the biometrics. The PIN is only used thereafter for recovery or if the biometrics are not functioning. (Note: The user does not need to use her PIN or biometrics to view her wallet balance or ledger, rather only to re-authorize a session to spend tokens.)
OST clients can enable their users to use fully functional wallets with only setting 6 digit PINs for recovery. The 6 digit PIN, on its own, does not provide enough entropy to be secure. The Wallet SDK combines inputs from the user (PIN), the Client, and from OST and the concatenated string undergoes a transformation through a cryptographically secure process to generate a recoveryKey that can be used to request recovery using a smart-contract. The recovery smart contract (known as the delayedRecoveryModule) enforces a 12 hour waiting period during which the user can abort the recovery request using any of their authorized devices, further protecting the user from malicious recovery requests.
Optionally OST clients can also enable experiences for their users to recover access to their Brand Tokens from a second device and/or recover from 12 written words, however, these are optional implementations.
Easy to integrate
All the functionality above is bundled into iOS and Android SDKs that a Brand can use to integrate this functionality into their application. Also provided is a UX case study with screens and flows and helpful suggestions and a reference implementation in the form of sample iOS app and sample Android app. To further support Brands and their user’s in engaging safely with the Brand Tokens, OST will review the implementations of the SDKs to ensure that they meet the design and security standards.
When you integrate Brand Tokens into your application, please remember to:
- Create and maintain a map of OST Platform user_id to the user’s profile on their app
- Generate and safely store a 30 character “secret” for each user. This “secret” is used for the recovery and thus must be unique to each user.
We provide mobile wallet SDKs and server side SDKs to complete your integration:
- The OST Platform Server SDKs provide your application with various methods for different services like users, tokens, wallet services corresponding to an end-user of the economy.
- Server SDK is available for PHP, Ruby, Java, Node.js.
- The Wallet SDK adds support for users to own their tokens without requiring them to directly manage their private crypto keys. This essentially means providing private key management, authorization and recovery services in addition to authentication.
- Wallet SDKs are available for Android and iOS
The following SDK guides are designed to help you get familiarized with the bare necessities, giving you a quick and clean approach to getting up and running.
- Integrate the OST server side SDK with quickstart guide available for PHP
- set up the Wallet SDK on android or iOS devices.
- Create a wallet for a user
- Send some tokens to the user
- Test a user initiated transaction
- Familarize yourself with some important concepts and helpful definitions through this guide.
This section shares the sample applications that we put together for your reference to show how integration with wallet SDK works.