How we built identity verification for contractors: GPS scoring, revolving QR, and Google Wallet passes

We built Lynk ID — a contractor identity trust layer where a homeowner can scan a QR code or tap an NFC badge and instantly see who is at their door, without either party needing to download an app. This post covers four pieces of the backend that were interesting to build: The composite trust scoring algorithm (and why we killed the NFC hard-gate) Google Wallet pass signing with RSA-SHA256 in Node.js The B2B webhook response envelope Revolving QR tokens for replay prevention 1. Composite trust scoring — GPS, NFC, biometrics Initial versions of /api/v1/verify had a naive hard-gate: // old — broken for QR-only partners const approved = score >= 70 && nfcTap && deviceMatch ; This meant any platform that didn't send an NFC tap always got approved: false , even with strong device fingerprint + biometric match. The fix was switching to a soft-penalty model with two valid approval paths. // src/app/api/v1/verify/route.ts type VerifyRequestBody = { endpointId ?: string ; referenceId ?: string