browserClient
Initialize with
initializeFromShyConfig— see the Web SDK overview for the common setup pattern.
Non-standard options for this client:
deriveSealerKey.
Initialize
const client = initializeFromShyConfig(shyconfig, {
getAuthHeaders: async () => ({ Authorization: `Bearer ${token}` }),
deriveSealerKey: async () => derivedKeyMaterial
});
const state = client.initialize();
// → { contractVersion, productType, apiBase, sealerMode }
Store sealed browser data
const record = await client.storeSealedBrowserData({
payload: { page: "/checkout", duration_ms: 4200, referrer: "email" },
category: "pageview"
});
// → { recordID, sealed: true }
The payload is encrypted client-side before transmission. The ABCI layer writes only ciphertext to List 1. No plaintext analytics data is ever stored on the canonical ledger or observable by the operator from canonical state alone.
Read stored browser data
const records = await client.getStoredBrowserData();
const decrypted = await client.getStoredBrowserDataDecrypted();
getStoredBrowserData returns the sealed envelopes. getStoredBrowserDataDecrypted additionally applies deriveSealerKey to decrypt each record client-side.
Submit a List 2 identity attribute
await client.submitList2IdentityAttribute({
attributeHash: sha256(subClaim + scopingId)
});
In shybrowser, both List 1 (sealed payload) and List 2 (sealed identity attribute) are sealed by the operator-supplied sealer. The identity attribute is server-supplied from request metadata — the participant device does not generate it. This is the dual-sealing pattern.
Structural properties
- Sealed canonical payload — analytics content is AES-GCM encrypted before any canonical write; the operator cannot enumerate analytics payloads from canonical state
- Sealed List 2 identity attribute — identity is server-derived and sealed; participants cannot be linked across sessions from canonical state alone
- No rescission pathway —
TxTypeAuthorityRescindunavailable; erasure = sealer key deletion - Structurally write-only on browser — no receipt confirmation; web cannot satisfy non-write-only assurance. See Write-only posture