Certificate (Constancia)

Overview

The Certificate API generates official certificates (constancias) that verify an employee has completed the background evaluation process. Certificates include QR codes for third-party validation.

Certificates are generated with encrypted QR codes that allow external organizations to verify authenticity through the Validation API.

View Certificate

curl -X GET https://api.vlife-dgo.com/Constancia/constanciaView/U2FsdGVkX1...

Generates and displays a certificate with QR code for a completed evaluation.

Endpoint

GET /Constancia/constanciaView/:constanciaValidacion

Authentication

Requires active user session (authenticated via session middleware).

Path Parameters

constanciaValidacion

string

required

Encrypted validation string that contains the evaluation ID. This same string is used in the QR code for certificate validation.

Response

Returns an HTML view (constanciaViews/constanciaView) displaying the certificate with:

user

string

Current user’s name from session.

string

Base64-encoded QR code image (Data URL format).

data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA...

dataConstancia

object

Certificate metadata and validation information.

Show Certificate Data

constanciaID

integer

Unique certificate identifier.

evalID

integer

Associated evaluation ID.

constanciaValidacion

string

Encrypted validation string for QR code.

constanciaCreado

datetime

Certificate creation timestamp.

constanciaActivo

integer

Active status (1 = active, 0 = inactive).

Empleado

object

Employee information displayed on certificate.

Show Employee Data

empNombreCompleto

string

Employee’s full name.

empRFC

string

Employee’s RFC (tax identifier).

QR Code Generation

The QR code is generated using the qrcode library and contains a validation URL:

import qrcode from 'qrcode';

// Generate validation URL
const urlValidator = `http://asdfytrfdggfg/constanciaValidator/${constanciaValidacion}`;

// Create QR code as Data URL
const QR = await qrcode.toDataURL(urlValidator);

QR Code Properties:

Format: PNG image as Data URL
Content: Full validation URL with encrypted evaluation ID
Purpose: Allow third parties to verify certificate authenticity
Validation Endpoint: /Validator/ConstanciaValidator/:cadena

Database Queries

Get Certificate Data:

SELECT * FROM tbl_dgo_constancias 
WHERE evalID = ? AND constanciaActivo = 1

Get Employee Data:

SELECT empleados.empNombreCompleto, empleados.empRFC 
FROM tbl_dgo_evaluaciones evaluaciones
INNER JOIN cat_dgo_empleados empleados 
  ON evaluaciones.empID = empleados.empID
WHERE evaluaciones.evalID = ?

Decryption Process

The constanciaValidacion parameter is decrypted to retrieve the evaluation ID:

import ncrypt from 'ncrypt-js';

const ncryptObjet = new ncrypt(keyDecrypt.key);
const decryptedData = ncryptObjet.decrypt(constanciaValidacion);
// decryptedData contains the evalID

Error Handling

Silent error handling - errors are caught but not displayed to user. The view may render empty or redirect based on error type.

The controller has an empty catch block, which means errors are not properly handled or logged.

Certificate Data Structure

Certificate Record

Stored in tbl_dgo_constancias table:

constanciaID

integer

Auto-increment primary key.

evalID

integer

Foreign key to evaluation record.

constanciaValidacion

string

Encrypted validation string (ncrypt-js).

constanciaCreado

datetime

Timestamp of certificate creation.

constanciaActivo

integer

Soft delete flag (1 = active, 0 = deleted).

Certificate Validation Workflow

Generation Process

Evaluation Complete: Employee completes background evaluation
Generate Certificate: System creates certificate record with validation string
Encrypt ID: Evaluation ID encrypted using ncrypt-js
Create QR Code: QR code generated with validation URL
Display Certificate: HTML view rendered with employee data and QR code

Validation Process

QR Scan: External party scans QR code on certificate
URL Redirect: QR code redirects to validation endpoint
Decrypt ID: Server decrypts validation string
Query Database: Retrieves certificate and employee data
Display Validation: Shows certificate details and authenticity confirmation

See Document Validation for details on the validation endpoint.

Certificate Display Format

Visual Elements

Header: Official CEACC Durango logo and letterhead
Title: “Constancia de Evaluación” or similar
Employee Name: Full name prominently displayed
RFC: Tax identifier for verification
Issuance Date: Date certificate was generated
QR Code: Positioned for easy scanning (typically bottom-right)
Validation Text: Instructions for QR code verification
Official Signature: Digital or scanned signature of authority
Folio Number: Certificate identifier for reference

Print Optimization

The certificate view is designed for printing:

Standard letter size (8.5” × 11”)
Print-friendly styling
High-resolution QR code
Official color scheme

QR Code Technical Details

Library

Package: qrcode (npm) Version: Check package.json in source code Documentation: https://www.npmjs.com/package/qrcode

Generation Method

await qrcode.toDataURL(urlString)

Returns a Data URL containing a PNG image that can be directly embedded in HTML:

<img src="{{QR}}" alt="QR Code" />

QR Code Content

The QR code encodes a full URL:

http://asdfytrfdggfg/constanciaValidator/U2FsdGVkX1+abc123xyz...

URL Components:

Protocol: http:// or https://
Domain: System domain (appears to be placeholder in code)
Path: /constanciaValidator/
Parameter: Encrypted evaluation ID

Security Features

Encryption: Validation string encrypted with ncrypt-js
Active Check: Only active certificates (constanciaActivo = 1) validate
Database Verification: QR code links to live database record
Tamper-Proof: Any modification to encrypted string breaks validation

Source Code References

Routes

ConstanciaRoutes.js:6

router.get('/constanciaView/:constanciaValidacion', 
  ConstanciaController.ConstanciaView)

Controller

ConstanciaController.js:6-29 Key operations:

Decrypt validation parameter
Query certificate data
Query employee data
Generate QR code
Render view

Models

ConstanciaModel.js:2-8 SQL queries for retrieving certificate and employee information.

Integration Example

Creating a Certificate

While the API doesn’t expose a POST endpoint for certificate creation in the provided code, certificates are likely created during the evaluation completion process:

import ncrypt from 'ncrypt-js';

// Encrypt evaluation ID
const ncryptObjet = new ncrypt(secretKey);
const encryptedEvalID = ncryptObjet.encrypt(evalID.toString());

// Insert certificate record
await PoolvLife.query(`
  INSERT INTO tbl_dgo_constancias 
  SET evalID = ?, constanciaValidacion = ?, constanciaActivo = 1
`, [evalID, encryptedEvalID]);

// Redirect to certificate view
res.redirect(`/Constancia/constanciaView/${encryptedEvalID}`);

Displaying Certificate

<!-- In constanciaView.hbs template -->
<div class="certificate">
  <h1>Constancia de Evaluación</h1>
  <p><strong>Nombre:</strong> {{Empleado.empNombreCompleto}}</p>
  <p><strong>RFC:</strong> {{Empleado.empRFC}}</p>
  <p><strong>Fecha:</strong> {{formatDate dataConstancia.constanciaCreado}}</p>
  
  <div class="qr-code">
    <img src="{{QR}}" alt="QR de Validación" />
    <p>Escanee el código QR para validar</p>
  </div>
</div>

Use Cases

Official Certification: Provide employees with proof of completed background check
Third-Party Verification: Allow employers to verify certificate authenticity
Compliance Documentation: Meet regulatory requirements for background checks
Digital Records: Maintain digital certificates alongside paper copies
Anti-Fraud: Prevent forged or altered certificates through QR validation

Best Practices

Security

Always use HTTPS in production for validation URLs
Rotate encryption keys periodically
Log validation attempts for audit trail
Implement rate limiting on validation endpoint

User Experience

Provide clear instructions for QR code scanning
Include manual validation option (folio number lookup)
Ensure QR code is high-contrast and scannable
Test QR codes with multiple scanner apps

Reliability

Cache certificate views to reduce database load
Handle expired certificates gracefully
Implement proper error logging
Provide fallback validation methods

Authentication

Evaluations

Data Capture

Documents

Reports

Certificate (Constancia)

Overview

View Certificate

Endpoint

Authentication

Path Parameters

Response

QR Code Generation

Database Queries

Decryption Process

Error Handling

Certificate Data Structure

Certificate Record

Certificate Validation Workflow

Generation Process

Validation Process

Certificate Display Format

Visual Elements

Print Optimization

QR Code Technical Details

Library

Generation Method

QR Code Content

Security Features

Source Code References

Routes

Controller

Models

Integration Example

Creating a Certificate

Displaying Certificate

Use Cases

Best Practices

Build docs developers (and LLMs) love

Authentication

Evaluations

Data Capture

Documents

Reports

​Overview

​View Certificate

​Endpoint

​Authentication

​Path Parameters

​Response

​QR Code Generation

​Database Queries

​Decryption Process

​Error Handling

​Certificate Data Structure

​Certificate Record

​Certificate Validation Workflow

​Generation Process

​Validation Process

​Certificate Display Format

​Visual Elements

​Print Optimization

​QR Code Technical Details

​Library

​Generation Method

​QR Code Content

​Security Features

​Source Code References

​Routes

​Controller

​Models

​Integration Example

​Creating a Certificate

​Displaying Certificate

​Use Cases

​Best Practices

Build docs developers (and LLMs) love

Overview

View Certificate

Endpoint

Authentication

Path Parameters

Response

QR Code Generation

Database Queries

Decryption Process

Error Handling

Certificate Data Structure

Certificate Record

Certificate Validation Workflow

Generation Process

Validation Process

Certificate Display Format

Visual Elements

Print Optimization

QR Code Technical Details

Library

Generation Method

QR Code Content

Security Features

Source Code References

Routes

Controller

Models

Integration Example

Creating a Certificate

Displaying Certificate

Use Cases

Best Practices