Docs

Security diagrams

Visual flows for app service-auth, buyer assertions, webhook signing, QR verification, and public/private data boundaries.

Closed beta@atmosphere-money/app-nodeSDK beta: 0.0.0-beta.3ATM API beta: 2026-0672 lexicons

Compatible with the closed-beta ATM app APIs and versioned ATM event headers. Check atm-api-version on every webhook or XRPC receiver event.

App service-auth

  1. 01

    App server chooses method

    Use the exact XRPC NSID as lxm.

  2. 02

    App mints service-auth

    Issuer is the app DID; audience is the ATM service.

  3. 03

    ATM verifies token

    Check issuer, audience, lxm, expiry, signature, and replay jti.

  4. 04

    ATM executes scoped action

    Only for the app, environment, and module allowed.

Buyer assertion

  1. 01

    Buyer is signed into app

    The app has user presence without forcing checkout re-auth.

  2. 02

    App requests short assertion

    Issuer is buyer DID and lxm is the buyer assertion method.

  3. 03

    App includes assertion

    ATM receives payer DID plus assertion in private envelope.

  4. 04

    ATM stores verification metadata

    Do not store raw assertion JWT in public records.

Webhook signing

  1. 01

    ATM creates event

    Event includes id, delivery id, environment, type, app DID, and data.

  2. 02

    ATM signs raw body

    Use the app environment signing secret.

  3. 03

    App verifies before parsing

    Raw bytes must match the signature.

  4. 04

    App deduplicates

    Store delivery id before fulfillment.

QR verification

  1. 01

    Pass contains opaque token

    No DID, email, ticket id, payment id, or processor id.

  2. 02

    Scanner submits token

    Scanner calls verifyTicket or checkInTicket.

  3. 03

    Tickets checks private state

    Token hash, status, void/refund state, and check-in list.

  4. 04

    Check-in is idempotent

    Repeat scans return existing entry state.

Public and private data

Public protocolSafe catalog refs, public event refs, final amount/currency facts, and proof refs.
Private ATMCheckout sessions, customer contact, processor ids, QR tokens, holds, issued-ticket state, ticket delivery attempts, scanner grants, and webhook logs.
Private appFulfillment details, buyer messages, downloads, shipping, event UX, and app-local analytics.
Security diagrams - Atmosphere Money Docs