Verification Server Overview
The verification server functions to verify an app user’s identity and track data surrounding a user’s diagnosis including the type of diagnosis, date of COVID test, and date of symptom onset.
A high level overview of the verification server can be found here: https://developers.google.com/android/exposure-notifications/verification-system
Verification Steps
User Verification and Key submission comprises the first 8 steps in the above diagram.
The app user contacts a contact tracer to report a diagnosis or suspicion of COVID-19. The contact Tracer client will make a call to the Verification Server to generate a Verification Code .
The Verification Server will generate a Verification Code and return it to the Contact Tracer client along with a UUID that can be used to check the status of the code and other metadata pertinent to the user’s diagnosis (type of diagnosis, date of COVID test, and date of symptom onset, etc).
The Contact Tracer will communicate the Verification Code to the user.
The user will input the Verification Code into the mobile app. The app will make a call to the Verification Server to validate the Verification Code.
If the Verification Code is valid then the server will return a Long Term Token
The Long Term Token can then be used to request a Verification Certificate
The Verification Server will generate a Verification Certificate containing all of the user’s diagnosis metadata
Using the Verification Certificate the mobile app can publish all of the user’s Exposure Keys to the Exposure Server
The above steps can be distilled down to 3 calls to the Verification Server for verification
A call to generate the Verification Code (
/issue
)A call to verify the Verification Code (
/verify
)A call to retrieve the Verification certificate (
/certificate
)
Web Interface
Development URL: https://verify-gaen.extremesolution.com/
Production URL: https://verify.projectaurora.cloud/
Within the Verification Server Web Interface you can,
Generate Verification Codes
Check on the status of a verification code using its UUID
Furthermore Admin Accounts can
Generate Admin and Device API keys
Add users to the realm
Configure the realm settings
To log in to a realm, an admin must first add you to the user list
APIs
The Verification Server has 2 APIS
An Admin API for Generating Codes
A Device API for Verifying Codes and generating the Verification Certificate
The swagger Specs for both APIs can be found here
Verification Server Swagger Specs
Interfacing with either API will require the appropriate API key which can be generated in the Web Interface. API keys must be included the the request headers for proper authorization.
API URLs
Development Admin API: https://adminapi.gaen.extremesolution.com
Development Device API: https://api.gaen.extremesolution.com
Production Admin API: https://api.verify.projectaurora.cloud
Production Device API: https://adminapi.verify.projectaurora.cloud
Admin API
Route | Description | Example Request Body | Example Response Body |
---|---|---|---|
{{base_url}}/api/issue | Generate Verification Code | {
"testtype": "confirmed",
"symptomdate": "2020-08-14"
} | {
"uuid":"d9ca1d62-6305-4c76-89fa-1d7fb0a00f97",
"code":"39789040",
"expiresAt":"Fri, 14 Aug 2020 19:11:47 UTC",
"expiresAtTimestamp":1597432307,
"error":""
} |
Device API
Route | Description | Example Request Body | Example Response Body |
---|---|---|---|
{{base_url}}/api/verify | Verify Verification Code | {
"code": "39789040"
} | |
{{base_url}}/api/certificate | Generate Verification Certificate |