Integration Guide

Prerequisites and Planning

Before beginning integration, ensure your organization has identified the specific sustainability metrics requiring verification and the stakeholders who need proof access. Technical requirements are minimal: any system capable of making HTTPS requests can integrate with ObscuraProof. We support all major cloud providers and on-premise deployments, with Docker containers available for simplified installation.

Your data sources should be accessible programmatically, whether through APIs, database connections, or file exports. ObscuraProof handles various data formats and can process both real-time streams and batch uploads. For IoT integrations, we support industry-standard protocols including MQTT, OPC UA, and REST APIs.

Connection Architecture Setup

The integration architecture consists of three primary components: data connectors, the proof engine, and verification endpoints. Data connectors run within your infrastructure, ensuring sensitive data never leaves your control unencrypted. These connectors transform raw data into cryptographic commitments before transmission to the proof engine.

// Initialize ObscuraProof client
const obscura = new ObscuraProof({
  apiKey: process.env.OBSCURA_API_KEY,
  endpoint: 'https://api.obscuraproof.com',
  dataSource: 'production-sensors'
});

// Connect data source
await obscura.connect({
  type: 'iot-stream',
  protocol: 'mqtt',
  config: {
    broker: 'mqtt://sensors.local',
    topics: ['energy/*', 'emissions/*']
  }
});

// Define proof requirements
const proofConfig = {
  circuit: 'carbon-reduction',
  baseline: '2023-01-01',
  metrics: ['total_emissions', 'energy_intensity'],
  threshold: 0.25 // 25\% reduction target
};

Proof Generation Workflow

Once connected, ObscuraProof continuously processes incoming data to maintain current cryptographic commitments. When verification is needed, the system generates proofs on-demand without accessing the original data. This separation between data processing and proof generation ensures maximum privacy while enabling real-time verification.

The proof generation workflow follows a deterministic process. First, relevant commitments are retrieved based on the verification requirements. Next, the zero-knowledge circuit performs the necessary calculations without decrypting the data. Finally, the resulting proof is cryptographically signed and made available to authorized verifiers.

Verification Integration

Verifiers (whether banks, regulators, or auditors) interact with ObscuraProof through simple REST APIs. No special software or cryptographic knowledge is required. Verification endpoints return boolean results with optional metadata, making integration straightforward for existing risk management and compliance systems.

// Verifier integration example
const verifyProof = async (proofId) => {
  const response = await fetch(`https://verify.obscuraproof.com/api/v1/proof/\${proofId}`, {
    headers: { 'Authorization': `Bearer \${verifierToken}` }
  });
  
  const result = await response.json();
  return {
    valid: result.verified,
    metric: result.claim,
    timestamp: result.generatedAt,
    publicInputs: result.publicInputs
  };
};

Security Configuration

Security configuration begins with API key management and extends through network policies, encryption settings, and access controls. ObscuraProof supports integration with existing identity providers through SAML and OAuth2, enabling single sign-on and centralized access management.

All data transmission uses TLS 1.3 with perfect forward secrecy. API keys are scoped to specific operations, preventing unauthorized access even if credentials are compromised. For high-security deployments, we support hardware security modules (HSMs) for key management and secure enclaves for proof generation.

Testing and Validation

Our testing framework ensures integration correctness before production deployment. The sandbox environment provides identical functionality to production, allowing complete testing without affecting live systems. Automated test suites verify data ingestion, proof generation, and verification workflows.

Performance testing tools help optimize integration for your specific use case. Load testing ensures the system handles expected transaction volumes. Security scanning identifies potential vulnerabilities before deployment. Our technical team reviews all integrations to ensure best practices are followed.

Production Deployment

Production deployment follows a phased approach to minimize risk. Initial deployment typically focuses on a subset of data or specific use case, expanding as confidence grows. Our monitoring tools provide real-time visibility into system performance, with alerts for any anomalies.

Deployment options include fully managed SaaS, private cloud deployment, and on-premise installation. Each option provides the same core functionality with different levels of control and responsibility. Migration between deployment models is supported, allowing organizations to start with SaaS and move to on-premise as needed.