The NEM team would like to than Robin (Telegram user: @robinped) for this blog.

I’m writing this article to serve as a resource for SAAS projects that need some of their functionality backed by the NEM blockchain. This functionality can include the following:

Decentralized information

You need to use the blockchain as a shared, secure and immutable source for some of your data.

List of trusted servers.

List of members.

Master items.

Documentation You need to share some immutable and timestamped information. Certificates Service work

Assets of value You need to use the blockchain to handle

transferable and valuable assets. In-game currencies Forum points Tokens of value Identity

Transact You need to send or receive payments. Donations E-commerce

Encrypt You need to encrypt and store some pieces of information. Health records. Secret messages.



Background

I’m creating this article based on my experience in building NEMventory. A simple proof-of-concept inventory and trade system using mosaics under a centralized namespace. The backend was created with Laravel and the frontend with VUE.

Off-chain contracts

The challenge with a centralized namespace is giving users limited permission to interact with the namespace, in other words, a contract. This is often referred to as a smart “off-chain” contract. With NEM I can write this code in whatever language a prefer. In NEMventory there is a contract for creating an asset on the centralized namespace. This contract is written in PHP and running in a web application backend. The contract gets initiated when a transfer with a certain message is received. As we don’t want to store “large” amounts of data on the blockchain, the message will only hold a reference to the information. If the referenced information is sufficient and the transfer has enough XEM, the contract will execute. When the contract executes, it creates a mosaic on the namespace based on the referenced information.

There is another layer of security on this contract. The contract can only propose transactions. Because the account is multi-sig, a human or a bot will also need to confirm the transactions based on its logic.

Infrastructure

Another challenge is how our public SAAS application will communicate with the NEM network.

If we are only requesting open information from the blockchain, we don’t need a secure communication channel. But if our communication “contains” private keys, we will need to secure this connection. Then we have two options:

Sign the data before announcing it to a remote node. Run a local node that signs and announces the data for you.

For option one, you will either need to create your own Ed25519 signing tool, or you can use the NEM-SDK JavaScript library. I didn’t try for option 1 for NEMventory as we created a secure backend that has local communication with a NEM NIS node which can sign the transactions for us. Though we could imagine a SAAS solution where transactions were only signed by the client, and even to enhance it even further, only through client-side decryption with a user password, but that is for another article.

In this SAAS typology, we will use option two where we have a local NEM node to communicate with the blockchain network. This NEM node is called NIS. Installation instructions can be found here. It has its API which you can find documentation on here. Our web app backend will communicate with the NEM node, which in turn can serve information to our web app frontend through its API. There are several good libraries in multiple languages that simplify the communication with NIS.

Multi-sig

The NEM blockchain comes with built-in features like multi-sig authentication which we will use to keep the main account with funds secure in the SAAS infrastructure.

The backend web app will only hold one of the multi-sig cosigner keys. So an intruder would only be able to suggest transactions. Then we can put logic in our signing (bot or human) on what transactions should be signed.

If our server gets compromised (without a bot on the same server), the intruder does not have enough access to steal the funds from the main account.

This secures our valuable assets. We can push it even further by withdrawing the assets into cold storage if necessary.

Start your own blockchain SAAS project

These are the steps to create a SAAS application that leverages functionality the NEM blockchain provides.

Setup an Ubuntu server. Setup a NEM node on a server here. Create a NEM 2-of-3 multisig account. (Tutorial Part 1, Part 2) Setup your web application. ( Angular2, Laravel) Connect the web application to the NEM node.

You can find a full SAAS example with [NEMventory here] (https://github.com/RobertoSnap/nemventory).

Setup NEMventory example

NEMventory consists of a Laravel 5.4 backend and a Vue SPA frontend. To run a secure namespace, you will have to set up a multisig account with at least one public and one private signer. The public signer will live in the .env file on the backend. The private signer can be yourself, or you can set up a bot to do it for you.

Setup a Laravel environment.https://laravel.com/docs/5.4/installation

2. Windows: https://laravel.com/docs/5.4/homestead

2. Mac: https://laravel.com/docs/5.4/valet Clone this repo into a public folder git clone https://github.com/RobertoSnap/nemventory.git Nemventory Run composer install Setup a DB for your Laravel installation and run PHP artisan migrate``` Run PHP artisan passport:install```. This will generate the keys for API based authentication. Run npm install Run npm run watch Then in your .env file, configure the following: