# Providing User Data Retrieval API

The Data Issuer is required to expose a REST API that facilitates secure user data token retrieval. The API should be designed to authenticate the user robustly, ensuring that only the legitimate owner can access the data. The zkPass SDK does not dictate the precise authentication mechanisms, API semantics, or response formats, providing developers the flexibility to implement an approach best suited to their application's architecture.

The Data Issuer needs to make sure the user data is in JSON encoding. The DVR app architecture does not dictate the schema or structure of the user data, however, JSON encoding is required.

By conforming to these guidelines, Data Issuers contribute to the robustness and security of the DVR app infrastructure, ensuring an optimized and secure experience for all users involved.

## <mark style="color:blue;">Dvr Module Client Integration</mark>

<mark style="color:orange;">**Signing the User Data**</mark>

As the authority provisioning sensitive user data, the Data Issuer plays a critical role in the DVR ecosystem. To ensure the authenticity of the user data, the Data Issuer must sign this sensitive information into a JWS (JSON Web Signature) token.\
The signing of the user data by the Data Issuer is illustrated by part of the DVR/zkPass call sequence, which is highlighted in red below:

<figure><img src="/files/ciJr39WSnILfV9udVVBL" alt=""><figcaption></figcaption></figure>

The Dvr module client SDK library provides a specialized utility method for this purpose: `callDvrGenerateUserDataToken`.  How to digitally sign the user data using the Dvr module client SDK library is illustrated by the code snippet below.

```typescript
// Step 1: Instantiate DvrModuleClient
const dvrModuleClient = new DvrModuleClient({
      baseUrl: SERVICE_URL,
      apiKey: API_KEY,
      secretApiKey: API_SECRET,
    });
//
// Step 2: Call the DVR module client's callDvrGenerateUserDataToken
//         This is to digitally-sign the user data.
const userDataToken = dvrModuleClient.callDvrGenerateUserDataToken(
      signingKey,
      JSON.stringify(data),
      verifyingKey
    );
```

Parameters passed to `callDvrGenerateUserDataToken`:

* **signingKey**\
  This is the signing private key owned by the Data Issuer.
* **JSON.stringify(data)**\
  This is a stringified JSON user data.
* **verifyingKey**\
  This is a key to validate user data token.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://gl-docs.gitbook.io/zkpass/zkpass-developers-guide/zkpass-modules/dvr/dvr-client-roles/data-issuer/providing-user-data-retrieval-api.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.