This week, I learned about double-spent attack and chain reorg; we also demonstrated this attack in local regtest mode. You can check out my blog.
Checked the bcoin configuration file and, successfully ran multiple nodes on a different port and connecting them.
Used different commands with their parameters, e.g. bcoin --network=regtest has many helpful parameters --log-level=info, --max-inbound, --max-outbound, --selfish.
Questions:
Q1. What is api-key, and why it is used?
-> It is a secret key used by RPC. It is required to access all endpoints. Otherwise, you will get a 401 unauthorised error is returned. The API key is set either in wallet.conf or the --api-key argument at launch. It is a general configuration not mandatory to use.
Q2. What is a Wallet token?
-> Every individual wallet has its security token, a 32-byte hash calculated from the wallet master key. A wallet is always created with a corresponding token. The token is returned when a wallet is created or from the bwallet-cli info API endpoint. When wallet-auth is set to true, the token must be sent in the query string or JSON body for any requests regarding that wallet. Requests with incorrect tokens are rejected with a 403 Forbidden error.
Q3. What is wallet-auth?
-> Without wallet-auth: true, other applications on your system could theoretically access your wallet through the HTTP server without any authentication barriers. wallet-auth: true requires a wallet's token to be submitted with every request, which add extra security.
Name: Pradyuman Verma Topic: Week 2 Journal
What I learned:
regtest
mode. You can check out my blog.bcoin
configuration file and, successfully ran multiple nodes on a different port and connecting them.bcoin --network=regtest
has many helpful parameters--log-level=info
,--max-inbound
,--max-outbound
,--selfish
.Questions: Q1. What is
api-key
, and why it is used? -> It is a secret key used by RPC. It is required to access all endpoints. Otherwise, you will get a401 unauthorised
error is returned. The API key is set either inwallet.conf
or the--api-key
argument at launch. It is a general configuration not mandatory to use. Q2. What is aWallet token
? -> Every individual wallet has its security token, a 32-byte hash calculated from the wallet master key. A wallet is always created with a corresponding token. The token is returned when a wallet is created or from thebwallet-cli info
API endpoint. Whenwallet-auth
is set to true, the token must be sent in the query string or JSON body for any requests regarding that wallet. Requests with incorrect tokens are rejected with a403 Forbidden
error. Q3. What iswallet-auth
? -> Withoutwallet-auth: true
, other applications on your system could theoretically access your wallet through the HTTP server without any authentication barriers.wallet-auth: true
requires a wallet's token to be submitted with every request, which add extra security.