Building with Passport
Major concepts
Educating users

Platform Integrator concepts

This page is for platforms who integrate with Passport XYZ and make its sybil-resisting functionality available to their ecosystem partners.

On this page, you will learn what types of attacks Passport XYZ can protect against, see examples of existing platform integrations, understand integration best-practices and identify the key information your users need to know.

Audience definitions

First off, some audience definitions:

  1. Platform Integrator: An application that integrates with Passport and makes the functionality available to their ecosystem partners.
  2. Ecosystem partners: Organizations or apps who use the platforms built by Platform Integrators.
  3. End-users: People who are engaging with the ecosystem partner's content or programs within the platform.

We'll use Snapshot (opens in a new tab) as an example. Snapshot is an offchain voting platform that allows DAOs, DeFi protocols, or NFT communities to participate in decentralized governance. Within the Snapshot platform, Optimism Collective allows users to vote on proposals using Snapshot's technology.

In this situation, Snapshot would be a platform integrator, Optimism Collective would be an ecosystem partner, and the users submitting and voting on proposals are end-users.

Here are some examples and their Passport use cases:

Platform IntegratorEcosystem PartnerEnd userWhy the Platform integrating Passport XYZ is a win for everyone
SnapshotDAOs and other groups that need a proposal and voting systemDAO contributors and other votersVoting outcomes that bias towards real democracy and less so algorithmic manipulation
GuildGuild adminsGuild membersRewards going to unique humans instead of bots and Sybils
GalxeCommunity engagement campaign creatorsPeople who want to earn rewards by participating in campaignsRewards going to unique humans instead of bots and Sybils

What are Sybils and why should you care?

Sybil attacks describe the abuse of a digital network by creating many illegitimate virtual personas. There are several ways that users can become incentivized to create Sybil accounts, for example to receive a reward multiple times, or have additional influence over a vote. They prevent you from efficiently allocating power and/or capital among your community by capturing it for some dishonest person or group. Without some form of Sybil defense, you have no way to tell whether the users showing up to your application really represent individual human users or whether they are actually bots or fake accounts.

What is Sybil defense?

Sybil defense is a catch-all term for any actions that minimize the effect of Sybils. Typically, Sybil defense involves filtering out users that can't provide sufficient evidence that they are real human individuals. The more effective the Sybil defense, the more confident you can be that your users are real, and the more effectively you can distribute rewards, votes and other forms of capital and agency to your community.

Passport XYZ is a Sybil defense tool. It provides everything you need to check the personhood of your users without invading their privacy.

Read more about Sybil defense on the blog (opens in a new tab).

Why Passport XYZ?

Passport XYZ aggregates evidence of personhood from across web2 and web3, makes it available via a simple API, and does so while preserving user's privacy. Application developers and platform owners benefit from easy integration and flexibility to choose what evidence is most important to them, and how high their threshold for evidence should be. Users benefit from a simple UI that guides them along a simple path to collecting Passport Stamps and presenting them to apps, requiring only an Ethereum account to get started.

Integrating Passport XYZ into an application is a powerful and flexible way to add Sybil defense to your application that is straightforward for developers and users alike. Importantly, Passport XYZ is flexible so you can configure your own Sybil defenses to your own specification, ensuring you get the best protection for your particular use case.

Read more on why you should use Passport.

How to integrate Passport XYZ into your platform

The most common way platforms use Passport XYZ is to use Passport scores or specific combinations of Stamps to control access to some content or function. This can be handled in just a few simple functions in your app.

We have detailed guides demonstrating various Passport integrations. After you have integrated Passport into your app, your users can connect their Ethereum wallet, and the app can make an API call to the Passport server to retrieve the user's Stamps and Passport score.

The score is the sum of weights assigned to the user's Stamps. It is possible to create custom algorithms for scoring Passports from raw Stamp data, but using Passport's server is considered best practice for several reasons:

  1. You benefit from Stamp weights (opens in a new tab) that have been assigned by Passport XYZ data scientists.
  2. You do not have to handle complications such as Stamp deduplication - the server does this for you.
  3. You can follow our simple tutorials to quickly and easily start defending your app from Sybils!

While utilizing the Passport score is a best practice, you could also use Stamp data in addition to the Passport score, or just use Stamp data to gate access. For example, a few specific Stamps might be particularly important to you (maybe you decide that having a Github account for over 180 days is a hard requirement to access your platform). In this case you can access your user's Stamp collection and confirm ownership of individual Stamps.

Finally, you might not necessarily want to automatically gate access based on Passport scores or Stamps. Perhaps you want to display Stamp and score information about each user so platform administrators or end users can make real-time decisions based on the user's trustworthiness or reputation. For example, you might have to determine an honest user from several impersonator accounts. Quick access to Stamp and score data would give you a strong signal about who is the genuine user. There is a guide for displaying Stamp and score data in your app's UI here!

Read more on How Passport works.

Start building using our Integration guides.

What does this look like for ecosystem partners?

It would be helpful to understand the audience definitions in the introduction of this page when reading this section.

If integrated properly, ecosystem partners utilizing a platform's services will be able to utilize Passport functionality to ensure that their content or programs are minimally affected by Sybils.

For example, an ecosystem partner runs a forum and voting platform in addition to their main application. Integrating Passport across all these platforms gives them confidence that your whole organization is protected to the same standard, with the same configuration.

A Passport integration is straightforward, flexible and configurable to ecosystem partners' needs depending on how a platform integrator builds the integration. You can easily set global configurations that are standard across all platforms and partners, or you could tailor your Sybil defences to each platform, so that you can have stricter controls for more sensitive services.

You can learn more about these benefits by reading our blog post about our partnership with Guild.xyz (opens in a new tab).

What does this look like for end users?

End users benefit from a very straightforward verification process and proof of personhood they can use across web3. Passport XYZ is a very widely used Sybil defense tool that your users can set up once and then use to identify themselves to all kinds of apps and services.

Your end users can follow this simple guide to set up their Passport:

  1. To get started, you must have an Ethereum wallet.
  2. Then, you can visit the Passport app (opens in a new tab).
  3. There, you can sign in with Ethereum and connect Stamps to your Passport in a few clicks.
  4. When they want to utilize a tool that is Passport-gated, you can sign a message and provide access to the platform provider to read your Stamp and score data.

More customization

Some platforms will find that they have specific needs that are not met by the standard Stamp library. In that case, you can add a new Stamp specifically for your purpose! Creating a Stamp requires some provable action to be captured in the form of a Verifiable Credential. We have created a step-by-step guide to help platforms to create new Stamps.

The weights assigned to individual Stamps in the Passport scoring app are also likely to change if re-weighting is likely to improve the overall Sybil defence efficacy of the Scorer. You can also implement your own scoring algorithm if the default weights aren't right for your use-case.

Use cases

Passport XYZ is already protecting many real world applications! There are several use case articles on the Gitcoin blog (opens in a new tab) where you can read about how various apps have integrated Passport.

Some examples include:

Where to go from here?