Overview
Calls
- •signup
- •getsalt
- •login
- cors•user/lookup
- cors•<user>/pgp_keys.asc
- •key/add
- •key/fetch
- •session/killall
- •sig/next_seqno
- •sig/post
- •sig/post_auth
- cors•merkle/root
- cors•merkle/block
Other details
merkle/root
CORS Support | Yes! AJAX can work from any website. | |
GET | https://keybase.io/_/api/1.0/merkle/root.json
|
|
SAMPLE PARAMS |
seqno: 10 # optional
ctime: 1398285664 # optional
|
|
SAMPLE OUTPUT |
{
"status": {
"code": 0,
"name": "OK"
},
"hash": "803b4d2024952280c1cc10f408596951b5d23e...",
"seqno": 1052,
"ctime_string": "2014-04-27T12:46:05.000Z",
"ctime": 1398602765,
"sig": "-----BEGIN PGP MESSAGE-----
Version: GnuPG...",
"payload_json": "{"body":{"key":{"fingerprint":"03...",
"txid": "49fde49b575382954b42920d91057915"
}
|
|
WATCH FOR | "NOT_FOUND"
|
merkle/root
Every user has a public signature chain, which can be fetched with then user/lookup API endpoint as described above. All of ends of these chains are then hashed as leaves in a Merkle tree, with interior nodes hashed as normal, yielding a merkle tree root. This root therefore captures all public signatures across all users in Keybase. It's possible to verify the end of any user's signature chain (and therefore all of his/her signatures) by knowing the global site-wide Merkle root, and the nodes descending from the root to the user's leaf.
This call returns the current site-wide Merkle root hash. It should change
whenever anyone on the site uploads a new signature to their signature chain.
It also returns the server's signature of this root, as well as the payload
of that signature. The public verification key is shipped with the Keybase client
or is available here via HTTPS.
Finally a txid
identifies the last
transaction that made it into the Merkle.
SHA-512 is used for all Merkle-tree hashes. Hashes computed over JSON objects assume no unneeeded interior spacing, and that object keys are sorted in hexadecimal order.
This endpoint takes one of two optional parameters. If the caller
specifies a seqno
, then the root with that sequence number
is returned (if found). If the caller specified a ctime
,
then the first root on or after that time (interpreted as UTC time)
is returned.