Using the Vault as a trusted intermediary we allow web applications to securely access a client side API provided by third party applications.
An example of how we use this in the Zippie Platform is the Wallet API.
Utilising IFrames and window.postmessage() calls we proxy calls to a third-party client side web api.
- use the vault directly for key management
- vault passes through the web application origin for whitelisting
- TODO: More on Permissions framework
If you want to implement an API for your application that third parties can use, you need to implement an IPC Service and provide a IPC Client API.
If you want to consume the API of a third party web application you need to implement their IPC Client API