Skip to main content

Setup your Development Environment

You’ll need an active Algorand dApp and Node.js installed to use the Ciphera React widget.

1. Install the SDK

Install the ciphera-sdk from npm. This package contains both the React frontend widget and the server-side verification utilities. 
npm install ciphera-sdk

2. Add the React Widget

Import the <Ciphera /> component into your application. Place it wherever you want users to initiate the KYC process.
src/App.tsx
import { Ciphera } from 'ciphera-sdk';

export default function MyDeFiApp() {
  const handleVerificationSuccess = (credential) => {
    console.log("User successfully verified with Nullifier:", credential.nullifier);
    // Proceed to unlock regulated features (e.g., funding an account)
  };

  return (
    <div>
      <h1>Welcome to My DeFi Protocol</h1>
      <p>Please complete KYC before trading.</p>
      
      {/* 
        The appId is REQUIRED. This ensures the user's nullifier is completely 
        unique to your application, preventing cross-app tracking.
      */}
      <Ciphera 
        appId="my-defi-protocol-v1" 
        onVerified={handleVerificationSuccess} 
      />
    </div>
  );
}
If your architecture includes a separate backend (Node.js, python, etc.), you must independently verify that the wallet actually holds the credential before allowing database operations. You can do this without seeing any PII.
src/server/api.ts
import { checkKYCStats } from 'ciphera-sdk';
import algosdk from 'algosdk';

// Initialize your Algod Client (Testnet or Mainnet)
const algodClient = new algosdk.Algodv2('', 'https://testnet-api.algonode.cloud', '');

// The standard Ciphera NullifierRegistry App ID on Testnet
const REGISTRY_APP_ID = 756272073;

export async function checkUserStatus(walletAddress: string) {
  // Queries the Algorand blockchain and the Sparse Merkle Tree
  const isVerified = await checkKYCStats(algodClient, walletAddress, REGISTRY_APP_ID);
  
  if (isVerified) {
    return { status: "approved", message: "User is KYC verified and not revoked." };
  } else {
    return { status: "rejected", message: "KYC missing, revoked, or fraud detected." };
  }
}

How it works for your Users

When your users click the widget:
  1. They securely download an Offline XML from the government UIDAI portal.
  2. The widget generates the zero-knowledge proof locally on their device.
  3. Their raw data is immediately deleted from memory.
  4. The cryptographic proof is submitted to the Algorand blockchain.
  5. They receive an anonymous, non-transferable credential in their wallet.
  6. The onVerified callback fires, returning control to your application.
Dive into the cryptographic architecture or read about our Shamir key security model to understand how we make this legally compliant via conditional accountability.