Truthlocks B2B Onboarding Pack
Strategic Integration Guide for Enterprise Issuers
Executive Summary
This document outlines the end-to-end journey for private sector organizations adopting Truthlocks to issue, manage, and verify digital attestations. Truthlocks provides a high-integrity "Source of Truth" without the overhead of blockchain, utilizing signed checkpoint transparency and robust tenant isolation.
1. Architecture Overview
Truthlocks is built on the principle of High-Integrity Provenance.
- No Blockchain: Unlike legacy DLT solutions, we focus on high-speed, verifiable transaction logs that are cryptographically signed by both the Issuer and the Platform.
- Signed Checkpoint Transparency: Every action within a tenant realm is logged and periodically "checkpointed." These checkpoints are public-eligible but payload-private, ensuring transparency without data leakage.
- Proof Bundles: End-users (consumers) receive self-contained proof bundles that can be verified offline or via the Truthlocks Verify portal.
2. Security & Trust Model
Our security architecture follows a multi-layered defense strategy:
| Layer | Implementation |
|---|---|
| Identity | Federated SSO (OIDC/SAML) + Hardware MFA support. |
| Cryptography | Ed25519 signing keys for issuers; AES-256-GCM for data at rest. |
| Isolation | Row-Level Security (RLS) ensures absolute separation between tenant data. |
| Key Lifecycle | Automated rotation schedules and tamper-evident revocation logs. |
3. The Onboarding Workflow
Issuers move through four distinct phases:
- Application: Submission of organizational evidence to the Platform Admin.
- Verification: Platform review of institutional credentials and signing key ownership.
- Tier Assignment: Allocation of trust tiers (Standard vs. Verified) based on evidence depth.
- Activation: Issuance of API keys and configuration of tenant webhook endpoints.
4. Integration Roadmap
Engineering teams should follow this sequence for a successful rollout:
- Auth & API Keys: Issue system-to-system keys via the Tenant Console.
- Webhook Registration: Subscribe to
attestation.mintedandissuer.updatedevents. - SDK Setup: Initialize the Go or JavaScript SDK with your tenant credentials.
- Environment Separation: Utilize separate
DevelopmentandProductionrealms for CI/CD safety.
5. Billing & Entitlements
Truthlocks utilizes a "Pay-as-you-grow" model controlled via Entitlements:
- Quotas: Soft and hard limits on attestation volume and concurrent users.
- Features: Modular access to advanced auditing, multi-region residency, and enterprise SSO.
- African Gateways: Full support for Flutterwave and Paystack for regional compliance and currency handling.
Appendix: Sample Workflow
sequenceDiagram
participant I as Issuer (B2B)
participant T as Truthlocks Platform
participant C as Consumer
I->>T: Post /v1/attestations/mint
T-->>I: 202 Accepted (Queued)
T->>T: Log & Sign Checkpoint
T->>I: Webhook (attestation.minted)
I->>C: Deliver Proof Bundle (Email/App)
C->>T: Verify via verify.truthlocks.com
[!NOTE] This guide is intended for institutional decision-makers and technical leads. For API specifics, see the Technical Integration Pack.