YOYOW Middleware Instruction(Nodejs)

Using YOYOW middleware is the easiest way to integrate with the platform. It mainly provides three interfaces: account authorization, platform incentives and content chaining. You can use Docker one-click deployment to get the corresponding API, and easily interact with the YOYOW blockchain.

YOYOW middleware communicates with YOYOW network through the API interface of YOYOW node, which provides platform service providers with convenient access to data on the chain, ensuring that the traditional business codes can also reach the requirements of being on chain with only minimal changes. The specific diagram is as follows: YOYOW middleware role diagram

For the creation steps of the platform, please refer to: Create a YOYOW platform account from scratch

Deployment Start

Configuration File Description

The path to the configuration file is in the conf/config.js file in the code path. If you start it in docker mode, you can map the configuration file to the /app/conf directory in the container.

    // The api server address, the testnet public api address is as follows, for the official network deployment, please change the address
    apiServer: "ws://",
    // The validity time of the security request, and the unit is "s". If the requested content exceeds the validity period, it will return 1003 the request has expired.
    secure_ageing: 60,
    // The platform security request verification key can be customized. For details, see "Security Access".
    secure_key: "",
    // Platform owner active key 
    active_key: "",
    // Platform owner secondary key
    secondary_key: "", 
    // Platform owner memo key
    memo_key: "",
    // Platform id (yoyow id)
    platform_id: "",
    // Whether to use points for the operating fee
    use_csaf: true,
    // Whether the transfer is transferred to the balance, otherwise it is transferred to tipping
    to_balance: false,
    // Wallet authorization page URL, testnet address is as follows, official network address “https://wallet.yoyow.org/#/authorize-service”
    wallet_url: "http://demo.yoyow.org:8000/#/authorize-service",
    // The IP list that is allowed to access; forcing the specific IP address to be specified. "*" or "" is not supported at this time.
    allow_ip: ["localhost", ""]


  1. In the general use scenario, the middleware value needs to use the secondary key and the memo key at most, and just the secondary key and the memo key can satisfy most of the requirements. Do not write the active key into the configuration file unless you are sure you need to use the active key.
  2. The middleware uses the restriction IP (allow_ip) and encryption request (secure_key) to ensure security. However, it is still strongly recommended that the intranet be deployed and isolated, and the security of the private key is quite important.
  3. It is recommended to use the point deduction for the operation fee. If the deduction fails, it will directly report the error and will not automatically deduct the tipping as the fee.

Docker One-Click Deployment

docker run -itd --name yoyow-middleware -v <Local configuration file path>:/app/conf -p 3001:3001 yoyoworg/yoyow-middleware

Manual Deployment

  1. clone source code git clone git@github.com:yoyow-org/yoyow-node-sdk.git
  2. Modify middleware configuration;modify the file yoyow-node-sdk/middleware/conf/config.js with reference to the configuration file description ().
  3. The node library required to install the middleware service; go to the ~/yoyow-node-sdk/middleware/ directory and find npm install.
  4. Start middleware service npm start

Normal start as shown below Normal start situation as shown

Interface Descriptions

Request Documentation and Examples

4. About Auth

4.1. Signature Platform


Requst Type:GET

Request Parameters:null

Request Example:


Return Results:

      code: operation results,
      message: return message,
      data: {
        sign: signature results,
        time: operation time millisecond value,
        platform: platform owner id,
        url: wallet authorization url
4.2 Signature Verification


Request Type:GET

Request Parameters:

{Number} yoyow - account id
{Number} time - operation time millisecond value
{String} sign - signature results

Request Example:


Return Results:

  code: operation results,
  message: return message,
  data: {
    verify: is the signature successful or not,
    name: signed YOYOW user name
4.3 Signature Platform Returned QR Code


Request Type:GET

Request Parameters:

{String} state - The extra data will be sent to the platform together with the user signature information when the platform login interface is invoked. It is used when the platform login interface needs a customized parameter. If there is no such requirement, it may not be transmitted.

Request Example:


Return Results:

  code: operation results,
  message: return message,
  data: QR code picture base64 string
4.4 Platform Extra Data Protocol Descriptions

platform attributes extra_data extra data JSON object format string

    "login":"http://example/login" //Platform QR code scanning login request interface
    "description":"platform description"  //platform description
    "image":"http://example.image.jpg" //platform image,platform image displayed in yoyow app 1.1
    "h5url":"http://exampleH5.com" //Platform h5 address, used to adjust the h5 page without the app jumping
    "packagename":"com.example.app" //Platform android jump
    "urlscheme":"example://"  //Platform ios jump
4.5 Platform Login by Scanning QR Code

When the wallet App scans QR code and it will access and post signature object to “login” url in extra data.

  {Number} yoyow - Current operating user account id
  {String} time - Signature timestamp string
  {String} sign - Signature string
  {String} state - Custom information passed in when the platform is signing (refer to About Auth 4.3 - signQR)

the interface provided by the platform must return the following information

  {Number} code - operation result 0 means passing. Any non-zero condition is considered an error
  {String} message - operation result description

Request for Returning Error Code Status Description

1001 invalid signature type

1002 invalid signature time

1003 request has expired

1004 invalid operation time

1005 invalid operation signature

1006 account information does not match the chain (usually after the private key is restored, using the local data of other computers or the old backup file for authorization operation)

1007 Unauthorized platform

2000 api underlying exception

2001 account does not exist

2002 invalid account

2003 invalid transfer amount

2004 tipping and points are insufficient for paying fees

2005 insufficient tipping

2006 invalid asset symbol or id

3001 Post ID must be the previous post ID +1 of the issuer of the platform (platform post management id)

Security Request Verification

Operations related to financial security, such as transfer, posting, and other write operations, will be verified for their effectiveness in the middleware service. The information of such requests needs to be converted into ciphertext by encryption and then sent to the middleware service. The encryption method uses symmetric encryption AES, and the key is secure_key in the configuration file.

Encryption example (crypto-js version of javascript, other languages use similar AES encryption)

Default mode CBC , padding scheme Pkcs7

For example:transfer operation

    let key = 'customkey123456'; // This key is the same as the secure_key in the config in the middleware.

    let sendObj = {
      "uid": 9638251,
      "amount": 100,
      "asset_id": 0,
      "memo": "hello yoyow",
      "time": Date.now()  //time field 
      The operation time takes the current time millisecond value. 
      Encryption must have this field for verifying the operation time

    let cipher = CryptoJS.AES.encrypt(JSON.stringify(sendObj), key);
      url: 'localhost:3000/api/v1/transfer',
      type: 'POST',
      data: {
        ct: cipher.ciphertext.toString(CryptoJS.enc.Hex),
        iv: cipher.iv.toString(),
        s: cipher.salt.toString()
      success: function(res){
        // do something ...

PHP encryption

    function cryptoJsAesEncrypt($passphrase, $value){
      $salt = openssl_random_pseudo_bytes(8);
      $salted = '';
      $dx = '';
      while (strlen($salted) < 48) {
          $dx = md5($dx.$passphrase.$salt, true);
          $salted .= $dx;
      $key = substr($salted, 0, 32);
      $iv  = substr($salted, 32,16);
      $encrypted_data = openssl_encrypt($value, 'aes-256-cbc', $key, true, $iv);
      $data = array("ct" => bin2hex($encrypted_data), "iv" => bin2hex($iv), "s" => bin2hex($salt));
      return json_encode($data);

For other operations that require secure request verification, change sendObj according to the documentation