SkillChain issues verifiable, blockchain-backed vocational certificates to learners and institutions. It stores cryptographic proofs on Polygon (Mumbai) and the certificate artifacts on IPFS; a backend AI fraud detector analyzes uploaded certificates for tampering.
Built for high integrity and easy verification, SkillChain helps institutions issue credentials that employers and government agencies can trust.
Frontend → FastAPI Backend → MongoDB ↓ Blockchain Service → Polygon Mumbai ↓ IPFS Service → Pinata ↓ AI Fraud Service → HuggingFace ViT
Prerequisites
- Python 3.11+
- Node 20+
- MongoDB (or Docker)
- MetaMask (for interacting with deployed contracts)
- Clone and setup
git clone <repo>
cd SkillChain
python -m venv .venv
.venv\Scripts\activate
pip install -r requirements.txt- Configure
.env
MONGODB_URI- MongoDB connection string (default mongodb://localhost:27017/skillchain)JWT_SECRET- JWT signing secretJWT_EXPIRE_MINUTES- token expiry in minutesPINATA_API_KEY,PINATA_SECRET_KEY- Pinata credentialsPOLYGON_RPC_URL- Polygon RPC endpoint (Mumbai testnet)PRIVATE_KEY- Deployer private key for contractsCONTRACT_ADDRESS- deployed SkillCertificate contract address (optional)FRONTEND_URL- URL where frontend is hosted (for share links)
- Deploy smart contract
python app/contracts/deploy.py
# Copy the deployed address into .env as CONTRACT_ADDRESS- Seed database
python seed.py- Start backend
uvicorn main:app --reload --port 8000- Start frontend
cd skillchain-frontend
npm install
npm run dev- Run with Docker
docker-compose up --build| Method | Endpoint | Auth | Description |
|---|---|---|---|
| POST | /api/auth/register | No | Register user (learner/institute) |
| POST | /api/auth/login | No | Login and retrieve JWT |
| GET | /api/auth/me | Yes | Get current user |
| POST | /api/certificates/issue | Yes (institute) | Issue a certificate and mint NFT |
| GET | /api/certificates/verify/{id} | Public | Verify certificate status |
| POST | /api/digilocker/push/{id} | Yes (learner) | Push to DigiLocker sandbox |
| GET | /api/analytics/stats | Public | Landing page stats |
| ... | ... | ... | More endpoints documented in code |
Test Accounts (seed.py)
- Institute: institute@skillchain.test / SkillChain@2025
- Learner: ravi.kumar@test.com / Learner@2025
Key Features
- ✅ Blockchain-backed certificates
- ✅ IPFS storage for certificate artifacts
- ✅ AI fraud detection using vision models
- ✅ DigiLocker sandbox integration
Tech Stack
- Frontend: React (Vite, Tailwind)
- Backend: FastAPI, Beanie, MongoDB
- Blockchain: web3.py, Polygon Mumbai
- Storage: IPFS (Pinata)
Blockchain Details
- Network: Polygon Mumbai (testnet)
- Contract:
SkillCertificate(deploy viaapp/contracts/deploy.py)
Project Structure
LICENSE
main.py
app/
contracts/
core/
models/
routers/
services/
skillchain-frontend/
tests/
Please open issues and PRs. This project is MIT licensed.
FastAPI service for a blockchain-linked vocational certificate demo: IPFS (Pinata), Polygon Mumbai (web3.py), MongoDB (Beanie), JWT auth, optional fraud image scan (HuggingFace ViT), and mock DigiLocker hooks.
- Python 3.10+
- MongoDB (local or Atlas)
- (Optional) Pinata API keys, deployed
SkillCertificatecontract + funded wallet for mint/revoke on Mumbai
cd skillchain-backend
pip install -r requirements.txt
python seed.py
uvicorn main:app --reload --port 8000Interactive docs: http://localhost:8000/docs
Copy .env and set real values for production:
MONGODB_URI— e.g.mongodb://localhost:27017/skillchainJWT_SECRET— long random stringPINATA_*— for PDF + JSON metadata uploadsPOLYGON_RPC_URL,PRIVATE_KEY,CONTRACT_ADDRESS— on-chain mint/revoke (owner wallet must match contractowner)FRONTEND_URL— used in QR codes ({FRONTEND_URL}/verify/{certificate_id})
Contract ABI is loaded from app/contracts/abi.json (update if you change the Solidity interface).
app/contracts/SkillCertificate.sol is written for OpenZeppelin ^0.8.20. Compile and deploy with your toolchain (Hardhat/Foundry), then paste the deployed address into CONTRACT_ADDRESS and refresh abi.json if needed.
seed.pywipesusers,certificates, andaudit_logsin the configured database, then inserts demo data without calling the blockchain.- The fraud endpoint uses
google/vit-base-patch16-224as a placeholder signal; it is not a trained forgery detector. - Polygon Mumbai may be deprecated upstream; switch
POLYGON_RPC_URLto your preferred test network if Mumbai RPCs fail.
- Mumbai Testnet Performance: Polygon Mumbai can be slow during high network congestion. Certificate minting may take 30-60 seconds. The system includes graceful failure handling with PENDING_MINT status and automatic retry logic.
- Fraud Detection Model: The current fraud detection uses a pre-trained ViT model as a placeholder. For production, a model specifically trained on certificate forgery patterns should be used.
- Read-Only Mode: If
PRIVATE_KEYis not set in.env, the server starts in read-only mode where certificate issuance is disabled but verification still works. - IPFS Pinning: Relies on Pinata's free tier which has rate limits. For high-volume production, consider using a dedicated IPFS node or paid Pinata plan.
- Demo Mode: The
/demoroute pre-fills form data for hackathon demonstrations. This should be disabled in production environments.
(Team to add screenshots here)
- Landing page with live activity feed
- Certificate issuance form with PDF preview
- Certificate detail page with blockchain explorer embed
- Why Blockchain comparison widget
- Fraud scanning interface
To verify the application is working correctly, run the smoke test script:
# Set API URL if not using localhost
export API_URL=http://localhost:8000
# Run smoke tests
bash scripts/smoke_test.shThe smoke test will:
- Check health endpoint
- Register a test institute
- Login with test credentials
- Issue a certificate (may fail if no blockchain funds)
- Verify the certificate
- Run a fraud scan
Each test will print PASS or FAIL with a summary at the end.