Skip to main content

Validate Certificate by QR Code

curl -X GET https://api.vlife-dgo.com/Validator/ConstanciaValidator/U2FsdGVkX1...
Validates a certificate (constancia) by decrypting a QR code string and retrieving the associated certificate data.

Endpoint

GET /Validator/ConstanciaValidator/:cadena

Authentication

This endpoint uses the isNotLoggedIn middleware - it is accessible to external users without authentication, allowing public validation of certificates via QR codes.

Path Parameters

cadena
string
required
Encrypted validation string from the QR code. This string is encrypted using ncrypt-js and contains the evaluation ID.

Validation Workflow

  1. QR Code Scan: User scans QR code on certificate
  2. URL Redirect: QR code contains URL with encrypted string
  3. Decryption: Server decrypts the string using ncrypt-js to extract evalID
  4. Data Retrieval: Certificate data is fetched from database
  5. Display: Validation view shows certificate details and authenticity

Response

Returns an HTML view (constanciaViews/constanciaValidatorView) with employee and certificate information.
Employee
object
Employee and certificate validation data.

Database Query

The validation query joins multiple tables to retrieve comprehensive certificate information: 
SELECT empleados.empNombreCompleto, empleados.empRFC, empleados.empCURP,
  tipoEval.evalTipo, constancias.constanciaValidacion, constancias.constanciaCreado
FROM tbl_dgo_constancias constancias
INNER JOIN tbl_dgo_evaluaciones evaluaciones 
  ON evaluaciones.evalID = constancias.evalID
INNER JOIN cat_dgo_empleados empleados 
  ON empleados.empID = evaluaciones.empID
INNER JOIN cat_dgo_tipoeval tipoEval 
  ON tipoEval.tipoEvalID = evaluaciones.tipoEvalID
WHERE evaluaciones.evalID = ? AND constancias.constanciaActivo = 1

Encryption Details

Library: ncrypt-js Encryption Process: 
const ncryptObjet = new ncrypt(keyDecrypt.key);
const decryptedData = ncryptObjet.decrypt(cadena);
The encrypted cadena parameter contains the evaluation ID, which is decrypted server-side using a secret key from the connection configuration.

Response Examples

Valid Certificate Displays validation view with:
  • Employee full name
  • RFC and CURP identifiers
  • Evaluation type
  • Certificate issuance date
  • Validation confirmation message
Invalid Certificate If decryption fails or no matching active certificate is found: 
{
  "flash": {
    "message": "Algo salio mal !"
  },
  "redirect": "back"
}

Error Handling

error
object
Error scenarios and responses.

Security Considerations

  • The endpoint is intentionally public to allow certificate validation by third parties
  • Encryption prevents tampering with evaluation IDs in URLs
  • Only active certificates (constanciaActivo = 1) can be validated
  • No sensitive data beyond basic employee identifiers is exposed

Integration Example

When generating a certificate, the QR code is created as follows: 
import qrcode from 'qrcode';
import ncrypt from 'ncrypt-js';

// Encrypt the evaluation ID
const ncryptObjet = new ncrypt(secretKey);
const encryptedData = ncryptObjet.encrypt(evalID.toString());

// Generate validation URL
const validationURL = `https://api.vlife-dgo.com/Validator/ConstanciaValidator/${encryptedData}`;

// Create QR code
const qrCodeImage = await qrcode.toDataURL(validationURL);

Use Cases

  1. Public Verification: External organizations scan QR codes to verify employee certificates
  2. Authenticity Check: Confirms certificate was issued by CEACC Durango
  3. Anti-Fraud: Prevents forged or altered certificates
  4. Audit Trail: Provides timestamp of certificate creation

Validation Status Indicators

status
string
The validation system provides visual indicators:
  • Valid: Certificate found, active, and verified
  • Invalid: Certificate not found or inactive
  • Error: System error during validation
See also:

Build docs developers (and LLMs) love

Get started for freeTalk to us