Reading the TrustScore

When users finish the process in Traity, they will be redirected to the URL you specified in the callback_url parameter during the widget session’s link initialization. A GET call will be made to that URL, and it will include a parameter called request, which you will need in order to read the user’s TraityScore from your site.

There are two approaches to reading a user’s score. One uses the secret you got when creating your app in our Developers’ dashboard; the other is the decentralized option, where you use your own blockchain keys to sign the request and get access to the user’s score. In both cases, a bearer token will be generated and you will be able to read the user’s score by making a GET HTTP request to the following URI:

a) Using your application secret:

If you are using your app secret, you just need to generate a new JWT token signed with it. This new token should contain the payload you just received and should be included inside the Authorization header as a bearer token as follows:

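require 'jwt'
require 'faraday'
require 'json'

# Wrap the request parameter from the callback in a JWT signed with the app secret.
authorization = JWT.encode({ request: params[:request] }, ENV['APP_SECRET'], 'HS512')
# Faraday.get takes (url, params, headers): pass nil for params so the token
# is sent in the Authorization header rather than in the query string.
response      = Faraday.get('', nil,
                            'Authorization' => "Bearer #{authorization}").body
score         = JSON.parse(response)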
<?php
  // php-jwt is used in this example:
  require __DIR__ . '/vendor/autoload.php'; // Composer autoloader
  use \Firebase\JWT\JWT;

  $url           = '';
  // Sign with HS512, as in the Ruby example; current php-jwt releases
  // require the algorithm argument.
  $authorization = JWT::encode(array('request' => $_GET['request']), APP_SECRET, 'HS512');
  $header        = array('Accept: application/json',
                         'Authorization: Bearer '.$authorization);

  $curl = curl_init();
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($curl, CURLOPT_HTTPGET, true);
  $reply = curl_exec($curl);

  // Error handling for cURL
  if ($reply === false) {
     throw new Exception('Curl error: ' . curl_error($curl));
  }

  $decoded_data = json_decode($reply, true);
  // Escape the dump before writing it into the HTML page.
  echo '<pre>';
  echo htmlspecialchars(print_r($decoded_data, true));
  echo '</pre>';

Successful requests made to the score endpoint will return responses similar to this:

{
  "score": 89.0,
  "breakdown": {
    "online_identity": 72.0,
    "behavioural_reputation": 63.0,
    "network": 80.0
  }
}


The user’s permission lasts 24 hours, starting at the moment the process of building the TrustScore is completed. An error will be raised if you try to access the score with the same token after that period.

See also

Reputation Gateway is based on REY, the decentralized risk scoring protocol. More information about the permission JWT token and its different claims can be found at

Interpreting the TrustScore

The response for a score has two fields: score, the global value indicating the user’s trustworthiness, and breakdown, which contains the components of the global score: identity, behavioural_reputation and network.
Each score goes from 0 to 100.
identity indicates how likely users are to be who they say they are, preventing the use of stolen or very recent accounts.
behavioural_reputation reflects users’ reputation on sites such as Airbnb or eBay.
A record of positive transactions on other sites is a good indicator of how this person will behave on a new site with no previous history.
network gives a sense of how trustworthy users’ connections are.
Having a network of trustworthy people is an indicator of accountability.
You are free to define what you consider a good score for your business, and whether you want to use any of the breakdown scores.
From our experience, a TrustScore of at least 70 points is a good starting point to differentiate the most trustworthy users.
Bear in mind that a low TrustScore doesn’t necessarily mean the user can’t be trusted. It usually means not enough information was provided to make an assessment.
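One way to apply this guidance once the score has been read, shown as an added example that is not Traity's code: it validates the response before trusting it, applies the 70-point starting threshold, and routes low scores to review instead of rejecting them. The function name, the :trusted and :needs_review outcomes, the MalformedScore error and the per-component minimums are assumptions.

```ruby
require 'json'

# Added example, not Traity's code. Names and outcome labels are assumptions.
class MalformedScore < StandardError; end

SCORE_RANGE = (0..100).freeze

# Ensure a value from the response is a number in the documented 0..100 range.
def checked_score(value, label)
  unless value.is_a?(Numeric) && SCORE_RANGE.cover?(value)
    raise MalformedScore, "#{label} is not a number between 0 and 100"
  end
  value
end

# body: raw JSON string returned by the score endpoint.
# threshold: minimum global score (70 is the suggested starting point).
# component_minimums: optional floors per breakdown key, e.g. { 'network' => 50 }.
# Returns :trusted or :needs_review. A low score goes to review rather than
# rejection, because it usually means too little information was provided.
def evaluate_trust_score(body, threshold: 70, component_minimums: {})
  data = JSON.parse(body)
  raise MalformedScore, 'response is not a JSON object' unless data.is_a?(Hash)

  score = checked_score(data['score'], 'score')
  breakdown = data['breakdown']
  raise MalformedScore, 'breakdown is missing' unless breakdown.is_a?(Hash)
  breakdown.each { |key, value| checked_score(value, "breakdown.#{key}") }

  return :needs_review if score < threshold

  component_minimums.each do |key, minimum|
    # A component the policy relies on but the response lacks fails closed.
    return :needs_review unless breakdown.key?(key) && breakdown[key] >= minimum
  end
  :trusted
rescue JSON::ParserError => e
  raise MalformedScore, "response is not valid JSON: #{e.message}"
end

# Constructed sample response, same shape as the one shown on this page.
SAMPLE = '{"score": 89.0, "breakdown": {"online_identity": 72.0, ' \
         '"behavioural_reputation": 63.0, "network": 80.0}}'
```

A MalformedScore error means the response could not be validated and should not be treated as either outcome.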