soroban-cli icon indicating copy to clipboard operation
soroban-cli copied to clipboard

Published 20 hours ago verified publisher icon stellar

CLI should support rpc providers which require an API key

Open janewang opened this issue 1 year ago • 6 comments

What problem does your feature solve?

Close to 50% of RPC providers require developers to pass the API key in the authorization header. The CLI only enables passing a --rpc-url, not an API key

What would you like to see?

Be able to optional pass the RPC API Key when the RPC provider requires such

The ecosystem RPC providers list is here: https://developers.stellar.org/docs/data/rpc/rpc-providers. We cannot use blockdaemon for example.

janewang avatar Sep 04 '24 22:09 janewang

+1.

Can we do some research on each provider and post back here with the format of their header to make sure there's some uniformity?

If there's not uniformity then we might need to rethink this to be a more generic param such as --rpc-header that accepts a full header such as --rpc-header 'Authorization: Bearer abc123'.

If there is uniformity, we can add it with param --rpc-api-key abc123.

And add an env var to accompany the param such as STELLAR_RPC_API_KEY, or similar for the header.

leighmcculloch avatar Sep 05 '24 23:09 leighmcculloch

API Key format for Obsrvr

"Authorization: Api-Key 4rRrRTzZ.QDzg6MlgbNd2GUAIQoseyRRRRR0459yy"

tmosleyIII avatar Sep 12 '24 20:09 tmosleyIII

Here's a spreadsheet with the research on what each RPC provider is expecting regarding API keys: https://docs.google.com/spreadsheets/d/125K7a0sb2qm6uq-2qo8JhtNT5WXOTDRyylsL7UaLyv0/.

To summarize, it seems like we have three different scenarios we need to account for to make sure all of the providers on this page](https://developers.stellar.org/docs/data/rpc/rpc-providers) are supported:

  1. The provider is expecting the api key in the url
  2. The provider is expecting a bearer token in the auth header (sometimes this bearer token is the API key directly, sometimes it is a jwt)
  3. The provider is expecting the api key in an "api-key" header

I think that we can handle those three scenarios with the suggestion that Leigh made above about adding an optional --rpc-header arg.

  1. for providers that expect the API key in the URL, users can use the existing --rpc-url arg
stellar contract deploy ... \
   --rpc-url https://mainnet.stellar.validationcloud.io/v1/<API_KEY> \
   --network-passphrase 'Public Global Stellar Network ; September 2015'
  1. for auth headers, users can use the new --rpc-header arg
stellar contract deploy ... \
   --rpc-url 'https://svc.blockdaemon.com/stellar/mainnet/native/soroban-rpc' \
   --rpc-header 'Authorization: Bearer <API_KEY>' \
   --network-passphrase Public Global Stellar Network ; September 2015
  1. for api-key headers, users can use the new --rpc-header arg
stellar contract deploy ... --rpc-url 'https://soroban-mainnet.nownodes.io' \
  --rpc-header 'api-key: <API_KEY>' \
  --network-passphrase 'Public Global Stellar Network ; September 2015'

elizabethengelman avatar Sep 19 '24 15:09 elizabethengelman

Thank you @elizabethengelman 🙏

cc @quietbits

janewang avatar Sep 19 '24 17:09 janewang

I encountered this issue while using the Blockdaemon API. If the related work hasn't started yet, I would be happy to submit a PR.

overcat avatar Sep 26 '24 08:09 overcat

@overcat Thanks for offering! We have a PR that's already in the works by @elizabethengelman

janewang avatar Sep 26 '24 13:09 janewang