Knowledge Base Home


Kaleido support is available via the in-app form and Details of our support plans are available on our Support Plan details page.


This page is meant to serve as a source of truth for known behaviors and the corresponding resolutions. The content is updated continuously as the underlying protocols and consensus algorithms evolve, and reflects a point in time for the platform and external libraries. Consider being a good samaritan and sharing appropriate solutions if you happen to solve an issue independently.  This is high level generic documentation meant to address commonly seen problems.  For more refined troubleshooting content related to a specific Ethereum error, refer to the FAQs section.


External access to Kaleido nodes is protected through basic authentication. You must use the Kaleido UI or administrative API to generate member-specific application keys and then properly construct fully fledged URL endpoints in order to securely connect to your node(s) . Note that the Kaleido backend only stores a salted hash of the password in order to validate the secret during connection calls. As such, you are responsible for safeguarding the secret(s) and/or regenerating credentials if necessary.

As an example, one acceptable syntax for a web3 accessible endpoint is “https://username:password@nodeURL”. See the known clients documentation for a list of tested clients that are supported by Quorum and have basic auth functionality. For details on generating auth credentials and building URLs, refer to the API 101 tutorial or the sample on Public & Private Transactions.

The web3 library also supports supplying username and password as an array of arguments to the providers API. For example, see the following code snippet that shows usage of the web3 JavaScript API to set an HTTP provider using basic authentication:

web3.setProvider(new web3.providers.HttpProvider('http://host.url', 0, BasicAuthUsername, BasicAuthPassword));

Within the UI if you see a “401 Status Code” when trying to access a node, you likely need to refresh your browser session so that a fresh JWT can be generated.

If you are using the REST API to perform administrative resource management tasks (e.g. create consortia, create memberships, create environments, provision nodes, etc.), ensure that you have a valid API Key for your account and that the authorization and content headers are properly set. If your authorization header is injected with a Kaleido authtoken as opposed to the standard APIKEY, you will need to perform lifecycle management of the key. The Kaleido authtoken is configured to expire hourly. Note though that the APIKEY will persist as long as you do not issue a delete.

JSON Formatting

When exercising the Kaleido REST API…

If you want to put your JSON on a single line, you need to use double quotes for values and fields within the body AND escape with single quotes. For example:

-d '{"name":"value"}'

If you want to use environment variables in the JSON, you need to use ONLY double quotes. For example:

-d "{\"name\": \"$VARIABLE\"}"

Private Transactions

Refer to the Public & Private Transactions tutorial for a demonstration on leveraging the Quorum node’s constellation module. Be aware that if you are utilizing the command line interface exposed in the sample, then you must construct the privateFor field and the corresponding argument(s) identically to the documentation. As an example, the appropriate syntax is --privateFor'["private_address"]'. Make note of the single and double quotes surrounding the argument. You can also pass an array of private addresses if you wish to target multiple nodes for a deployment or transaction invocation. As an example, the appropriate syntax is --privateFor'["private_address_1","private_address_2"]'.


If you receive a “400 Status Code” from the UI when attempting to delete resources (e.g. an environment), first attempt a browser refresh and try again. If the error persists, consider using the administrative REST API to perform your desired action. For example, to delete an environment issue the following call:

# header auth should be properly set with a valid APIKEY & header content should be set to
# content type application/json
# $CONSORTIUM is the consortium ID and $ENVIRONMENT is the environment ID you are
# targeting for deletion
curl -H "$HDR_AUTH" -H "$HDR_CT" "$APIURL/consortia/$CONSORTIUM/environments/$ENVIRONMENT"

The same approach can be adopted to delete consortia, memberships, app credentials, etc.

Next About Kaleido