Getting Started

General Information

The CommonsDB API facilitates the declaration of metadata and rights using cryptographic methods. This section provides an overview of key processes required for making API calls.

Overview

CommonsDB uses a combination of cryptographic signatures and structured metadata to ensure the integrity and authenticity of content declarations. Understanding these fundamental concepts is essential for successful API integration.

Key Concepts

Cryptographic Validation

All declarations in CommonsDB use cryptographic signatures to ensure:

Authenticity: Proof that the declaration comes from the claimed source
Integrity: Assurance that the data hasn't been tampered with
Non-repudiation: The ability to prove that a declaration was made by a specific entity

Decentralized Identifiers (DIDs)

CommonsDB uses Decentralized Identifiers to associate cryptographic keys with domain ownership, enabling trustless verification of declarations.

Metadata Collection

To make a proper API call, a structured metadata object must be included in the HTTP request body.

Metadata Structure

The metadata object contains essential information required for a declaration, including:

Internal Identifiers: Such as declarerId, iscc, and cid
Cryptographic Signatures: For validation, namely signature and tsaSignature
Declaration Metadata: The declarationMetadata section stores publicMetadata

Example Metadata Object

Code(json)
 
{
  "declarerId": "did:web:example.com",
  "iscc": "ISCC:KACYPXW445FNGZZ2",
  "cid": "QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG",
  "signature": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9...",
  "tsaSignature": "base64-encoded-tsa-signature",
  "declarationMetadata": {
    "publicMetadata": {
      "title": "Example Content",
      "creator": "John Doe",
      "description": "Sample content description",
      "contentType": "text/plain",
      "license": "CC-BY-4.0"
    }
  }
}

Required Fields: All metadata objects must include cryptographic signatures (signature, tsaSignature) for successful validation.

Metadata Validation Process

Structure Validation

The API validates that all required fields are present and properly formatted.
Signature Verification

The cryptographic signature is verified against the declared identity using the associated cryptographic keypair.
Timestamp Validation

The TSA signature is validated to ensure the declaration was made at the claimed time.

Best Practices

Security Considerations

Never include sensitive information in publicMetadata
Ensure your private keys are securely stored and never transmitted
Validate all metadata before signing

Next Steps

Now that you understand the basics of metadata collection, you can proceed to:

Set up X.509 certification for cryptographic authentication
Learn about certificate signatures for metadata validation
Explore the Declaration API for making your first declaration

Last modified on October 23, 2025

Getting Started Verifiable Credentials