Skip to main content
POST
/
api
/
v1
/
attributes
{
  "name": "membership-tier",
  "data-format": "string",
  "context-format": null,
  "attestation-required": false
}

{
  "message": "Attribute created successfully"
}

Overview

Registers a new attribute type in the BOOP Network. This endpoint allows system administrators to define new user attributes that can be collected, stored, and requested during authentication.
This endpoint is typically used by system administrators only. Creating new attributes affects the entire system and should be done carefully.

Request

name
string
required
Unique name for the attribute (e.g., “drivers-license”, “membership-level”)
data-format
string
Format specification for the attribute data (e.g., “string”, “boolean”, “integer”, “object”)
context-format
string
Format specification for additional context data (optional)
attestation-required
boolean
required
Whether modification of this attribute requires attestation from a trusted entity

Response

success
boolean
Indicates successful creation (no response body for 201 status)
{
  "name": "membership-tier",
  "data-format": "string",
  "context-format": null,
  "attestation-required": false
}

{
  "message": "Attribute created successfully"
}

Usage Examples

async function createAttribute(attributeData) {
  const response = await fetch('https://dev.app.boop.it/api/v1/attributes', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-API-Key': 'your-api-key'
    },
    body: JSON.stringify(attributeData)
  });

  if (!response.ok) {
    const error = await response.json();
    throw new Error(`Failed to create attribute: ${error.message}`);
  }

  return response.status === 201;
}

// Create a new membership attribute
await createAttribute({
  name: 'loyalty-points',
  'data-format': 'integer',
  'context-format': null,
  'attestation-required': false
});

Attribute Design Guidelines

Naming Conventions

  • Use lowercase with hyphens: membership-tier, date-of-birth
  • Be descriptive but concise: age-verify not user-age-verification-status
  • Avoid spaces and special characters

Data Formats

  • string: Text data (names, emails, IDs)
  • boolean: Yes/no flags (verified status, preferences)
  • integer: Numeric values (age, points, levels)
  • object: Complex structured data (addresses, payment methods)

Attestation Requirements

Set attestation-required: true for:
  • Government-issued documents (ID, passport, license)
  • Financial information (bank accounts, credit scores)
  • Professional credentials (licenses, certifications)
  • Age or identity verification
Set attestation-required: false for:
  • User preferences (language, notifications)
  • Basic contact information (email, username)
  • Non-sensitive identifiers (pseudonyms, handles)

Common Attribute Examples

// Contact Information
{
  name: 'phone-number',
  'data-format': 'string',
  'attestation-required': true  // Verification required
}

// User Preferences
{
  name: 'communication-preference',
  'data-format': 'string',
  'attestation-required': false
}

// Verification Status
{
  name: 'kyc-verified',
  'data-format': 'boolean',
  'attestation-required': true
}

// Complex Data
{
  name: 'shipping-address',
  'data-format': 'object',
  'context-format': 'json',
  'attestation-required': true
}

Integration with Authentication

Once created, attributes can be requested in authentication flows: 
// After creating 'loyalty-tier' attribute
const authRequest = {
  type: 'create_context',
  requirements: {
    type: 'membership',
    attributes: ['email', 'loyalty-tier', 'membership-expiry']
  }
};

Error Handling

Error CodeMeaningResolution
invalid-requestMalformed request bodyCheck JSON format and required fields
attribute-existsAttribute name already takenChoose a different name
invalid-formatInvalid data/context formatUse standard format types
unauthorizedInsufficient permissionsVerify API key has admin permissions

Security Considerations

  • Restrict attribute creation to authorized administrators only
  • Validate attribute names to prevent injection attacks
  • Consider the privacy implications of new attributes
  • Document data retention policies for each attribute type

Rate Limits

  • 10 attribute creations per minute per API key
  • 100 attribute creations per hour per API key