Server-side Raindrop is a blockchain-based authentication layer optimized for large systems and databases. The purpose of this post is to explain the concept through an example — let’s consider the story of Satoshi, a hypothetical user who interacts with a bank and a fintech app, and faces a problem that anyone with a smart phone can relate to.

Satoshi opens a checking account with Globex Bank. He is now happily able to transfer funds in and out of that checking account — he withdraws cash when he wants to spend money and deposits cash when he gets his paycheck.

Satoshi doesn’t like having to carry his cash around everywhere and wants to be able to transfer money directly to vendors using his phone. However, his bank isn’t a payment provider and does not have the resources or time to build out the necessary infrastructure to be one. Globex Bank instead builds an ACH API — anybody who Satoshi authorizes can use this ACH API to transfer funds in and out of his account for any purpose.

Acme, a fintech app, steps in and says to Satoshi: “If you authorize us to access Globex Bank’s ACH API, you can make your payments through our app, and you won’t have to carry cash around everywhere.”

This sounds great to Satoshi, but he’s worried that this new process opens the door for a hacker to backdoor into his account via the API — a reasonable concern.

Globex Bank shares Satoshi’s concern to an even greater degree — if an unauthorized party accesses the ACH API, the hacker may be able to manipulate many of their customers’ accounts, and may not be detected until it is too late.

This is where Globex Bank would want to implement Server-side Raindrop. Using Hydrogen’s online documentation, Globex Bank can easily get started by whitelisting Acme as an approved accessor. When Acme wants to access the API, they must complete a challenge using Hydro on the blockchain from their unique wallet. Nobody except the holder of Acme’s wallet can complete this challenge.

Globex Bank simply checks that this challenge was completed successfully and then allows Acme to access Satoshi’s funds on his behalf. If the challenge was incorrect or incomplete, Globex Bank would deny Acme’s access and Satoshi’s account would not be compromised to a malicious party. And since this all occurs on a public blockchain, anyone in the world can verify when an attempt to access the API is initiated via Server-side Raindrop.

To learn more and compare Server-side Raindrop with Client-side Raindrop, please see this post.