API ReferenceRelay

Create a Privacy Pass

Issues a Privacy Pass token by blind-signing a client-provided blinded token (Blind RSA, RFC 9578). The returned blind signature is unblinded client-side to produce a Privacy Pass token that can later be redeemed anonymously (for example, when generating a Relay claim).

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Headers

Key-InflectionenumOptional
Determines casing for the API response.
Allowed values:
Idempotency-KeystringOptional
Ensures the request is idempotent.
Persona-VersionenumOptional
Server API version. More info on versioning can be found [here](https://docs.withpersona.com/versioning).

Request

This endpoint expects an object.
blinded-tokenstringRequired

The base64url-encoded blinded token to be signed. Produced client-side by blinding a token input with the issuer public key identified by key-id.

key-idstringRequired

The hex-encoded identifier of the issuer signing key to use. Must match the key the blinded-token was blinded against.

Response headers

RateLimit-Limitinteger
The maximum number of requests permitted in the current rate limit window for the API key used to authenticate the request. Returned on every authenticated response.
RateLimit-Remaininginteger
The number of requests remaining in the current rate limit window for the API key used to authenticate the request. Returned on every authenticated response.
RateLimit-Resetinteger
The number of seconds until the current rate limit window resets. Returned on every authenticated response.
Request-Idstring

The unique identifier of the API log entry that recorded this request. Starts with req_. Include this value when reaching out to Persona support. Present on every authenticated response, including error responses.

Persona-Environment-Idstring
The token of the Persona environment that handled the request. Returned on every authenticated response, including most error responses.
Persona-Organization-Idstring
The token of the Persona organization that handled the request. Returned on every authenticated response, including most error responses.

Response

Returns the blind signature for the submitted blinded token.
blind-sigstring

The base64url-encoded blind signature. Unblind this client-side to produce the Privacy Pass token.

Errors

400
Bad Request Error
401
Unauthorized Error
403
Forbidden Error
404
Not Found Error
409
Conflict Error
422
Unprocessable Entity Error
429
Too Many Requests Error