README.md: More detailed instructions for restricted APIs
parent c65f37ed6b
commit cb2c5945b3
1 changed files with 23 additions and 1 deletions
README.md
|
|
@ -119,7 +119,8 @@ Accessing restricted API's
|
|||
--------------------------
|
||||
|
||||
You can restrict API's to particular users by specifying an `apiaccess` file in `config.ini`. Here is an example `apiaccess` file which allows
|
||||
user `bytemaster` with password `supersecret` to access four different API's:
|
||||
user `bytemaster` with password `supersecret` to access four different API's, while allowing any other user to access the three public API's
|
||||
necessary to use the wallet:
|
||||
|
||||
{
|
||||
"permission_map" :
|
||||
|
|
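Review bot: the rewritten intro sentence refers to "the three public API's necessary to use the wallet" without naming them, so the reader has to infer them from the JSON further down. Consider naming `database_api`, `network_broadcast_api` and `history_api` in the sentence itself, and saying explicitly that `network_node_api` is the one that stays restricted to `bytemaster`. Minor style point while this line is being touched: "API's" is a plural, so "APIs" would be the usual spelling.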
@ -131,6 +132,14 @@ user `bytemaster` with password `supersecret` to access four different API's:
|
|||
"password_salt_b64" : "INDdM6iCi/8=",
|
||||
"allowed_apis" : ["database_api", "network_broadcast_api", "history_api", "network_node_api"]
|
||||
}
|
||||
],
|
||||
[
|
||||
"*",
|
||||
{
|
||||
"password_hash_b64" : "*",
|
||||
"password_salt_b64" : "*",
|
||||
"allowed_apis" : ["database_api", "network_broadcast_api", "history_api"]
|
||||
}
|
||||
]
|
||||
]
|
||||
}
|
||||
|
|
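Review bot: the new `"*"` entry uses `"*"` for the username, `password_hash_b64` and `password_salt_b64`, but nothing in the README says what the wildcard means in each position. A sentence after the JSON stating that this entry applies to any user who is not otherwise listed, and that its `allowed_apis` list is therefore what an unauthenticated caller gets, would make it clear why `network_node_api` must not be added to it. It would also help to note that the `bytemaster` values shown for `password_hash_b64` and `password_salt_b64` are sample values that operators have to replace with their own.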
@ -237,3 +246,16 @@ Questions
|
|||
|
||||
The first and second number together identify the kind of thing you're talking about (`1.2` for accounts,
|
||||
`1.3` for assets). The third number identifies the particular thing.
|
||||
|
||||
- How do I get the `network_add_nodes` command to work? Why is it so complicated?
|
||||
|
||||
You need to follow the instructions in the "Accessing restricted API's" section to
|
||||
allow a username/password access to the `network_node` API. Then you need
|
||||
to pass the username/password to the `cli_wallet` on the command line or in a config file.
|
||||
|
||||
It's set up this way so that the default configuration is secure even if the RPC port is
|
||||
publicly accessible. It's fine if your `witness_node` allows the general public to query
|
||||
the database or broadcast transactions (in fact, this is how the hosted web UI works). It's
|
||||
less fine if your `witness_node` allows the general public to control which p2p nodes it's
|
||||
connecting to. Therefore the API to add p2p connections needs to be set up with proper access
|
||||
controls.
|
||||
|
|
|
|||
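Review bot: the FAQ answer calls the API `network_node`, while the `apiaccess` example in the "Accessing restricted API's" section lists it as `network_node_api` in `allowed_apis`. Using the same identifier in both places avoids readers putting the wrong string in their config. The answer also says to pass the username/password to `cli_wallet` "on the command line or in a config file" without showing how; naming the actual options, or pointing to where they are documented, would let someone follow the steps without reading the source.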