The runtime APIs exposed by all blockchain nodes and services in Kaleido are secured with strong generated credentials.
We call these
Application Credentials, and should be generated and managed for each application that accesses your runtime infrastructure.
Per Member, Per Environment
When you generate and application credential, it is scoped to your membership of a consortium, within a particular environment.
Org1s app credential will not work against membership
- The same app credential will work against
HD Wallet 1in the same environment, as long as they are owned by the same
- An app credential created by
Env1will not work for a resource in
Generating App Credentials
Add new application credentials from an environment:
Choose the membership to scope the application credential to:
Ensure you copy out the credential - Kaleido does not store it
Supplying Application Credentials in API Calls
Application credentials are supplied base64 encoded using a standard called "HTTP Basic Auth".
This standard has the wide support in client libraries and web browsers.
The following shows how you can specify the application credentials in Postman on a simple REST API call, in this case to a HD Wallet.
Raw HTTP API examples
Different libraries require you to specify the authentication in different ways.
In all cases the end result is taking the strong generated username/password combination, base64 encoding them and then passing them to the API over an
Authorization: Basic XYZ header.
Let's look at three different ways you can pass the same information to CURL. These represent the three most common options that client API libraries, such as Swagger/OpenAPI clients, or bespoke client libraries, allow.
1. Using a username/password special option
curl -v --user e0f0pbkxfu:iFFjRbgFDjpqR99fHMudOPCSgCFFh6QociYCLem-VPA https://e0ftkb2ckc-e0w1f5ani1-hdwallet.de0-aws.kaleido.io/api/v1/wallets ... > Authorization: Basic ZTBmMHBia3hmdTppRkZqUmJnRkRqcHFSOTlmSE11ZE9QQ1NnQ0ZGaDZRb2NpWUNMZW0tVlBB
2. Embedding the username/password into the URL
curl -v https://e0f0pbkxfu:iFFjRbgFDjpqR99fHMudOPCSgCFFh6QociYCLem-VPA@e0ftkb2ckc-e0w1f5ani1-hdwallet.de0-aws.kaleido.io/api/v1/wallets ... > Authorization: Basic ZTBmMHBia3hmdTppRkZqUmJnRkRqcHFSOTlmSE11ZE9QQ1NnQ0ZGaDZRb2NpWUNMZW0tVlBB
3. Supplying a raw pre-encoded base64 header
B64AUTH=$(echo -n 'e0f0pbkxfu:iFFjRbgFDjpqR99fHMudOPCSgCFFh6QociYCLem-VPA' | base64) curl -v -H "Authorization: Basic $B64AUTH" https://@e0ftkb2ckc-e0w1f5ani1-hdwallet.de0-aws.kaleido.io/api/v1/wallets ... > Authorization: Basic ZTBmMHBia3hmdTppRkZqUmJnRkRqcHFSOTlmSE11ZE9QQ1NnQ0ZGaDZRb2NpWUNMZW0tVlBB