Skip to content

User Identities


This page serves to explain the basics of user identities in the context of building apps. To learn more about Verified Identities on Mercata, please visit the Verified Identities Page.

All users on Mercata have a verified User identity stored on the Certificate Registry/Identity Dapp on the Mercata Main Chain. A user’s primary identity information is contained in an authenticated X.509 certificate.

Developers should use the getUserCert SolidVM built-in to get user certificates in their smart contracts, and query the "CertificateRegistry"/"Certificate" tables in the Cirrus API to read certificate data from their application.

The CertificateRegistry application exists at address 0x509 on the Mercata Main Chain, as a nod to the X.509 Certificate standard.

Since user identities are verified and guaranteed to exist for every user on STRATO Mercata, application developers can use these X.509 certificate credentials to identify users making transactions in their apps.

In general, there 3 general places where identity needs to be accessed:

  • VM/Smart Contract Logic
  • Application Middleware
  • Application UI

The latter two methods will both typically use the STRATO Cirrus API to query the Certificate SQL table, rather than making “getter” function calls on contract data, or accessing raw contract state of a singular contract.

Using Identity in Contracts

Developers can use the built-in SolidVM identity functions to get an address’ verified identity:

function getUserCert(_address address) returns (mapping(string => string));

This function returns a mapping containing the fields from the subject’s identity:

  • commonName
    • The account's registered Common Name (CN)
  • organization
    • The account's registered Organization (O)
  • organizationalUnit
    • The account's registered Organizational Unit (OU)
  • country
    • The account's registered Country (C)
  • publicKey
    • The account's registered Public Key
  • DER encoded
    • This is identical to the account's public key in STRATO's Vault
  • certString
    • The DER encoded string of the user's X.509 certificate
  • expirationDate
    • The Unix timestamp of the expiration of the certificate and can be parsed as an int to be used in mathematical contexts.

Almost all of the same fields can also be queried on the Certificate table in the Cirrus API.

The tx built-in also has identity-related fields relating to the tx.origin address:

  • .organization
    • The organization of the origin
  • .organizationalUnit
    • The organizationalUnit of the origin
  • .username
    • The common name of the origin
  • .cert
    • The certificate string of the origin

Identity in the Cirrus API

Since certificates are stored as Smart Contracts on-chain, their data can be accessed directly using the Cirrus API:

GET /cirrus/search/Certificate

Once Certificate data has been fetched, it can be used programmatically in the application backend to complete business logic based on real-world user credentials, or displayed in the UI to show Asset ownership information, or other data fields where real-world user information is important.