System Overview

DPP Kit is composed of several services that work together to issue, store, resolve, and verify Digital Product Passports.

Architecture Diagram

Frontend (Astro + React)  Express REST API          External Services
Port 4321                 Port 3001                 (Docker containers)
┌──────────────────┐    ┌──────────────────────┐    ┌──────────────────────────┐
│ Web App          │───►│ API Server           │───►│ VCKit             :3332  │
│ Dashboard        │    │ /api/organizations   │    │ Identity Resolver :3300  │
│ Credential Mgmt  │    │ /api/credentials     │    │ Storage Service   :3333  │
│ User Management  │    │ /orgs (public DID)   │    │ Directus CMS      :8055  │
└──────────────────┘    └──────────────────────┘    │ PostgreSQL        :5432  │
                                                    │ MinIO/S3          :9000  │
                                                    └──────────────────────────┘

Service Responsibilities

Web Frontend

The user interface where practitioners and product managers interact with DPP Kit. Built with Astro (server-side rendered pages) and React (interactive components). Handles authentication via Directus JWT tokens.

Express API

The backend service that orchestrates credential issuance. Validates requests, manages the credential pipeline, and coordinates between VCKit, Storage Service, and the Identity Resolver.

VCKit

The credential engine powered by Veramo. Handles:

  • DID creation and key management
  • Credential signing (W3C Verifiable Credentials v2)
  • Credential verification
  • Revocation status lists

Identity Resolver (IDR)

A GS1 Digital Link resolver that maps product identifiers (GTIN, GLN) to credential URLs. When someone scans a product's barcode or QR code, the resolver redirects them to the credential.
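
A sketch of the lookup step described above, added as an illustration and not taken from DPP Kit or its Identity Resolver: it parses the GS1 Digital Link path (application identifier 01 for GTIN, 414 for GLN), verifies the GS1 check digit, and takes the redirect target only from a registered link table. The table contents, host names and HTTP status codes are constructed assumptions.

```javascript
// Added illustration; not DPP Kit or Identity Resolver source code.
// GS1 Application Identifiers handled here: 01 = GTIN, 414 = GLN.
const AI_LENGTHS = { '01': [8, 12, 13, 14], '414': [13] };

// GS1 mod-10 check: weights 3,1,3,... starting at the digit left of the check digit.
function hasValidCheckDigit(digits) {
  let sum = 0;
  for (let i = digits.length - 2, w = 3; i >= 0; i--, w = 4 - w) {
    sum += Number(digits[i]) * w;
  }
  return (10 - (sum % 10)) % 10 === Number(digits[digits.length - 1]);
}

// Parse "/01/<gtin>" or "/414/<gln>" from a scanned Digital Link URI.
// Returns { ai, id } or null when the identifier is malformed.
function parseDigitalLink(uri) {
  let path;
  try { path = new URL(uri).pathname; } catch { return null; }
  const m = /^\/(01|414)\/(\d{8,14})(?:\/|$)/.exec(path);
  if (!m) return null;
  const [, ai, id] = m;
  if (!AI_LENGTHS[ai].includes(id.length) || !hasValidCheckDigit(id)) return null;
  // Normalise GTINs to 14 digits so GTIN-13 and GTIN-14 forms share one key.
  return { ai, id: ai === '01' ? id.padStart(14, '0') : id };
}

// Constructed link table: identifier key -> stored credential URL.
const LINKS = new Map([
  ['01/09506000134352', 'https://storage.example/credentials/abc.json'],
]);

// Resolve a scan to a redirect. The target comes only from the link table,
// never from the request, so the scanned URI cannot choose the destination.
// The status codes are this example's choice.
function resolve(uri) {
  const parsed = parseDigitalLink(uri);
  if (!parsed) return { status: 400 };
  const target = LINKS.get(`${parsed.ai}/${parsed.id}`);
  return target ? { status: 307, location: target } : { status: 404 };
}
```

Rejecting identifiers with a bad check digit before the lookup keeps mistyped or malformed scans out of the table query and gives the caller a distinct error from "valid identifier, no credential registered".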

Storage Service

Stores signed Verifiable Credentials in S3-compatible object storage (MinIO for development, DigitalOcean Spaces for production). This is the source of truth for signed credentials.

Directus CMS

Manages user authentication, organization data, and credential metadata. Provides the database layer (PostgreSQL) and file storage for evidence documents.

PostgreSQL

The relational database backing both Directus (metadata, users, organizations) and VCKit (keys, DIDs, status lists).

MinIO / S3

Object storage for signed credentials and Identity Resolver data. MinIO is used in development; S3-compatible cloud storage (e.g., DigitalOcean Spaces) is used in production.