Keys Overview

Dig deeper into Arianee keys including the viewKey, requestKey, and proofKey.

Key Types

There are three primary types of keys:

  1. ViewKey: This key is immutable and generated during the creation of a digital passport. It grants the holder the ability to view the associated digital passport.
  2. RequestKey: Initially, the RequestKey is the same as the ViewKey for transferable digital passports. However, it can be overridden by the digital passport owner. Protocol v2 introduces changes regarding the RequestKey upon NFT transfer.
  3. ProofOfOwnership: In protocol v1, ProofOfOwnership can be generated to prove ownership of a digital passport. Protocol v2 replaces this with Arianee Access Token for faster and more secure off-chain proofs.


Creation and Retrieval

  • The ViewKey is created during the digital passport's initial creation using one of the following methods:
  • Retrieve the ViewKey of a certificate:
    • Via the NFT Management Platform UI.
    • Using the /certificate API with the parametersviewKey or initialViewKey. Refer to the full API documentation here.


Creation and Retrieval

  • For transferable digital passports, the requestKey initially matches the viewKey.
  • Retrieve the initial requestKey using the /certificate API with the parameters viewKey or initialViewKey. Refer to the full API documentation here.

Overrides and Transfers

  • Owners can override the requestKey:
    • Call the requestKey function as documented here.
    • For unclaimed digital passports, use the NFT Management Platform API.
    • For claimed digital passports, generate a link using a wallet application.
  • Protocol V2 behavior on digital passport transfer:
    • Cancels the previous requestKey.
  • Protocol V1 behavior on digital passport transfer:
    • Cancels the previous requestKey for regular transfers.
    • Does not cancel the previous requestKey for transfers done via the recovery function documented here.
  • Digital passport recovery via the NFT Management Platform UI:
    • Sequentially calls the recovery function (transfer to the brand) and generates a requestKey equal to the Initial viewKey. The original RequestKey can then be used for claims.


Generation and Validity

  • Protocol V1: generates proofKey using the CreateCertificateProofLink function as documented here. This can be done via API or using Arianee wallet applications.
  • Protocol V2: proofKey replaced with Arianee Access Tokens (AATs), offering off-chain, secure, and faster authentication.


  • On-chain proof: A proof is valid if it has been generated approximately 72 hours on POA and 28 hours on Polygon.
  • Off-chain proof: The Arianee Access Token validity depends on the defined exp parameter.

AddTokenAccess Function

The AddTokenAccess function allows direct management of keys, including viewKey, requestKey, and proofKey.

  • Token Access types:
    • viewKey: 0
    • requestKey: 1
    • proofKey: 2
  • The viewKey cannot be changed using this function; an error will occur if attempted.
  • To deactivate a requestKey, refer to the documentation for specific instructions.


Want to learn about the addAccessToken function? Check out our documentation here!