Vault provides a CLI that wraps the Vault REST interface. Any HTTP client (including the Vault CLI) can be used for accessing the API. Since the REST API produces JSON, I use the wonderful jq for the examples.
└── <MOUNT>
(install)
├── config
(create, update, read)
├── accounts
(list)
│ └── <NAME>
(create, update, read, delete)
│ ├── debit
(update)
│ ├── sign
(update)
│ ├── sign-tx
(update)
│ ├── transfer
(update)
│ └── verify
(update)
├── addresses
(list)
│ └── <ADDRESS>
(read)
│ ├── balance
(update)
│ └── verify
(update)
├── block
│ └── <NUMBER>
(read)
│ └── transactions
(read)
├── convert
(create, update)
├── export
│ └── <NAME>
(create)
├── deploy
│ └── <NAME>
│ └── contracts
(list)
│ └── <NAME>
(create, read, delete)
├── import
│ └── <NAME>
(create)
├── names
(list)
│ └── <NAME>
(read)
│ ├── balance
(update)
│ └── verify
(update)
└── transaction
└── <TRANSACTION_HASH>
(read)
You must trust the cert for the vault in question. For example on a Mac assuming you followed the Vault setup instructions in Immutability:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/etc/vault.d/root.crt
For Windows or Ubuntu you must follow the appropriate steps to get your browser to trust the Vault certificate.
You must also allow CORS in Vault. For example:
vault write sys/config/cors enabled=true allowed_origins="*"
This endpoint will list all accounts stores at a path.
Method | Path | Produces |
---|---|---|
LIST |
:mount-path/accounts |
200 application/json |
mount-path
(string: <required>
) - Specifies the path of the accounts to list. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request LIST \
https://localhost:8200/v1/ethereum/accounts | jq .
The example below shows output for a query path of /ethereum/accounts/
when there are 4 accounts.
{
"request_id": "6c33d1c9-d599-179c-f20c-307a47e129f4",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"keys": [
"lesswow",
"test",
"muchwow",
"morewow"
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will create an Ethereum account at a path.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/accounts/:name |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to create. This is specified as part of the URL.spending_limit_tx
(string: <optional>
) - The total amount of Wei allowed to be spent in a single transaction.spending_limit_total
(string: <optional>
) - The total amount of Wei allowed to be spent for this account.whitelist
(string array: <optional>
) - Comma delimited list of allowed accounts.blacklist
(string array: <optional>
) - Comma delimited list of disallowed accounts. Note:blacklist
overrideswhitelist
.
{
"whitelist": ["0xD9E025bFb6ef48919D9C1a49834b7BA859714cD8","0x58e9043a873EdBa4c5C865Bf1c65dcB3473f7572"]
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/accounts/test3 | jq .
The example below shows output for the successful creation of /ethereum/accounts/test3
.
{
"request_id": "af43bafd-5afa-9577-ffec-5fb7d1316bfa",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0xd850d887f803b64a18c98a3acfbe0496f02fe9f5",
"blacklist": null,
"spending_limit_total": "0",
"spending_limit_tx": "0",
"total_spend": "0",
"whitelist": [
"0xD9E025bFb6ef48919D9C1a49834b7BA859714cD8",
"0x58e9043a873EdBa4c5C865Bf1c65dcB3473f7572"
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will update an account's constraints.
Method | Path | Produces |
---|---|---|
PUT |
:mount-path/accounts/:name |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to create. This is specified as part of the URL.spending_limit_tx
(string: <optional>
) - The total amount of Wei allowed to be spent in a single transaction.spending_limit_total
(string: <optional>
) - The total amount of Wei allowed to be spent for this account.whitelist
(string array: <optional>
) - Comma delimited list of allowed accounts.blacklist
(string array: <optional>
) - Comma delimited list of disallowed accounts. Note:blacklist
overrideswhitelist
.
{
"whitelist": ["0x58e9043a873EdBa4c5C865Bf1c65dcB3473f7572"]
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @update.json \
https://localhost:8200/v1/ethereum/accounts/test3 | jq .
The example below shows output for the successful creation of /ethereum/accounts/test3
.
{
"request_id": "28286c4a-f40e-4842-c52c-7970571c9ddd",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0xd850d887f803b64a18c98a3acfbe0496f02fe9f5",
"blacklist": null,
"spending_limit_total": "0",
"spending_limit_tx": "0",
"total_spend": "0",
"whitelist": [
"0x58e9043a873EdBa4c5C865Bf1c65dcB3473f7572"
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will list details about the Ethereum account at a path.
Method | Path | Produces |
---|---|---|
GET |
:mount-path/accounts/:name |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to read. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/accounts/muchwow | jq .
The example below shows output for a read of /ethereum/accounts/test
.
{
"request_id": "58c331ea-a63d-b9ea-75d7-bc9e1933708c",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0x7b715f8748ef586b98d3e7c88f326b5a8f409cd8",
"balance": 799958000000000000,
"balance_in_usd": 239.053494011038634,
"blacklist": null,
"spending_limit_total": "",
"spending_limit_tx": "",
"total_spend": "",
"whitelist": null
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will delete the account - and its passphrase - from Vault.
Method | Path | Produces |
---|---|---|
DELETE |
:mount-path/accounts/:name |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to update. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request DELETE \
https://localhost:8200/v1/ethereum/accounts/test3
There is no response payload.
This endpoint will debit an Ethereum account.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/accounts/:name/debit |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to use for signing. This is specified as part of the URL.address_to
(string: <required>
) - A Hex string specifying the Ethereum address to send the ETH to.amount
(string: <required>
) - The amount of ether - in wei.gas_price
(string: <optional>
) - The price in gas for the transaction. If omitted, we will use the suggested gas price.gas_limit
(string: <optional>
) - The gas limit for the transaction. If omitted, we will estimate the gas limit.send
(bool: <optional - defaults to true>
) - Indicates whether the transaction should be sent to the network.
The following sends 0.2 ETH to 0x36D1F896E55a6577C62FDD6b84fbF74582266700
.
{
"amount":"200000000000000000",
"to": "0x36D1F896E55a6577C62FDD6b84fbF74582266700"
}
$ curl -s --cacert /etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/accounts/test2/debit | jq .
The example below shows the output for the successfully sending ETH from /ethereum/accounts/test2
. The Transaction hash is returned.
{
"request_id": "b921207e-c0d9-a3c1-442b-ef8b1884238d",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"amount": "100000000000000000",
"amount_in_usd": "0",
"address_from": "0x4169c9508728285e8a9f7945d08645bb6b3576e5",
"address_to": "0x8AC5e6617F65c071f6dD5d7bD400bf4a46434D41",
"gas_limit": "21000",
"gas_price": "1000000000",
"signed_transaction": "0xf86b06843b9aca00825208948ac5e6617f65c071f6dd5d7bd400bf4a46434d4188016345785d8a0000802ca0ff3fccbde1964047db6be33410436a9220c91ea4080b0e14489dc35fbdabd008a0448fe3ec216a639e1b0eb87b0e4b20aab2e5ec46dad4c38cfc81a1c54e309d21",
"starting_balance": 8460893507395267000,
"starting_balance_in_usd": "0",
"total_spend": "100000000000000000",
"transaction_hash": "0x3a103587ea6bdeee944e5f68f90ed7b1f4c7699236167d1b1d29495b0319fb26"
},
"warnings": null
}
This endpoint will sign the provided transaction.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/accounts/:name/sign-tx |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to use for signing. This is specified as part of the URL.address_to
(string: <required>
) - A Hex string specifying the Ethereum address to send the ETH to.amount
(string: <required>
) - The amount of ether - in wei.gas_price
(string: <optional>
) - The price in gas for the transaction. If omitted, we will use the suggested gas price.gas_limit
(string: <optional>
) - The gas limit for the transaction. If omitted, we will estimate the gas limit.nonce
(string: <optional>
) - The nonce for the transaction. If omitted or zero, we will use the suggested nonce.data
(string: <required>
) - Transaction data to sign.
{
"amount":"200000000000000000",
"to": "0x36D1F896E55a6577C62FDD6b84fbF74582266700",
"data": "transaction data"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/accounts/test2/sign-tx | jq .
The example below shows output for the successful signing of a transaction by the private key associated with /ethereum/accounts/test2
.
{
"request_id": "b921207e-c0d9-a3c1-442b-ef8b1884238d",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"amount": "100000000000000000",
"amount_in_usd": "0",
"address_from": "0x4169c9508728285e8a9f7945d08645bb6b3576e5",
"address_to": "0x8AC5e6617F65c071f6dD5d7bD400bf4a46434D41",
"gas_limit": "21000",
"gas_price": "1000000000",
"signed_transaction": "0xf86b06843b9aca00825208948ac5e6617f65c071f6dd5d7bd400bf4a46434d4188016345785d8a0000802ca0ff3fccbde1964047db6be33410436a9220c91ea4080b0e14489dc35fbdabd008a0448fe3ec216a639e1b0eb87b0e4b20aab2e5ec46dad4c38cfc81a1c54e309d21",
"starting_balance": 8460893507395267000,
"starting_balance_in_usd": "0",
"total_spend": "100000000000000000",
"transaction_hash": "0x3a103587ea6bdeee944e5f68f90ed7b1f4c7699236167d1b1d29495b0319fb26"
},
"warnings": null
}
This endpoint will list all account contracts.
Method | Path | Produces |
---|---|---|
LIST |
:mount-path/deploy/:account_name/contracts |
200 application/json |
path
(string: <required>
) - Specifies the mount point. This is specified as part of the URL.account_name
(string: <required>
) - Specifies the name of the account from which to deploy. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request LIST \
https://localhost:8200/v1/ethereum/deploy/test/contracts | jq .
The example below shows output for a query path of ethereum/deploy/test/contracts
when there are 2 contracts at /ethereum/deploy/test
.
{
"request_id": "3e53a65b-9910-f5b7-1d42-b6bb83fcfc2c",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"keys": [
"ponzi",
"cryptomonkeys",
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will sign a provided Ethereum contract.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/deploy/:account_name/contracts/:contract_name |
200 application/json |
account_name
(string: <required>
) - Specifies the name of the account to use for signing. This is specified as part of the URL.contract_name
(string: <required>
) - Specifies the name of the contract. This is specified as part of the URL.transaction_data
(string: <required>
) - The compiled Ethereum contract.amount
(string: <required>
) - The amount of ether in wei to fund the contract with.nonce
(string: <optional> - defaults to "1"
) - The nonce for the transactiongas_price
(string: <required>
) - The price in gas for the transaction in wei.gas_limit
(string: <required>
) - The gas limit for the transaction.send
(bool: <optional - defaults to true>
) - Indicates whether the transaction should be sent to the network.
{
"transaction_data": "6060604052341561000f57600080fd5b60d38061001d6000396000f3006060604052600436106049576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806360fe47b114604e5780636d4ce63c14606e575b600080fd5b3415605857600080fd5b606c60048080359060200190919050506094565b005b3415607857600080fd5b607e609e565b6040518082815260200191505060405180910390f35b8060008190555050565b600080549050905600a165627a7a72305820d4b4961183894cf1196bcafbbe4d2573a925296dff82a9dcbc0e8bd8027b153f0029",
"amount":"10000000000",
"gas_limit":"1500000",
"nonce":"1"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/deploy/test6/contracts/helloworld | jq .
The example below shows output for the successful deployment of a contract by the account at /ethereum/deploy/test6/contracts/helloworld
.
{
"request_id": "af4a743e-73ea-ddbd-dac1-351303ac8430",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"amount": "10000000000",
"amount_in_usd": "0",
"total_spend": "10000000000",
"transaction_hash": "0xee051ae8e9a5afefe94853254de2ea512d88dc4a455334a8e286464c0fa9e767"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will return the address of an Ethereum contract (if available.)
Method | Path | Produces |
---|---|---|
GET |
:mount-path/deploy/:account_name/contracts/:contract_name |
200 application/json |
account_name
(string: <required>
) - Specifies the name of the account to use for signing. This is specified as part of the URL.contract_name
(string: <required>
) - Specifies the name of the contract. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/deploy/test6/contracts/helloworld | jq .
NOTE: If the transaction hasn't been included in a block yet, the contract address will show as: receipt not available
{
"request_id": "da4be9f4-b9fd-90c2-b981-80553cc2359a",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0xCA3986C32beaD6c434773CD41107537f7dDe0c98",
"transaction_hash": "0xee051ae8e9a5afefe94853254de2ea512d88dc4a455334a8e286464c0fa9e767"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will sign the provided data.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/accounts/:name/sign |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to use for signing. This is specified as part of the URL.data
(string: <required>
) - Some data.
{
"data": "this is very important"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/accounts/test2/sign | jq .
The example below shows output for the successful signing of some data by the private key associated with /ethereum/accounts/test2
.
{
"request_id": "d99b7948-453a-67c2-9111-178e6a731812",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0x36d1f896e55a6577c62fdd6b84fbf74582266700",
"signature": "0x90a8712c948b5dfe412ca7e2082be9ef6ddf318a9aaf9183b702c0d1ee180d9d1f97683cb52026dc0de0b6033237cf421a27e88e7d0e608ac4778a9dcfd8818000"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will verify that this account signed some data.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/accounts/:name/verify |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to use for signing. This is specified as part of the URL.data
(string: <required>
) - Some data.signature
(string: <required>
) - The signature to verify.
{
"data": "this is very important"
"signature": "0x90a8712c948b5dfe412ca7e2082be9ef6ddf318a9aaf9183b702c0d1ee180d9d1f97683cb52026dc0de0b6033237cf421a27e88e7d0e608ac4778a9dcfd8818000"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/accounts/test/verify | jq .
The example below shows output for the successful verification of a signature created by /ethereum/accounts/test
.
{
"request_id": "f806212d-087c-7378-dd85-676701aeabb7",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0x36d1f896e55a6577c62fdd6b84fbf74582266700",
"signature": "0x90a8712c948b5dfe412ca7e2082be9ef6ddf318a9aaf9183b702c0d1ee180d9d1f97683cb52026dc0de0b6033237cf421a27e88e7d0e608ac4778a9dcfd8818000",
"verified": true
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will list all account addresses.
Method | Path | Produces |
---|---|---|
LIST |
:mount-path/addresses |
200 application/json |
path
(string: <required>
) - Specifies the path of the accounts to list. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request LIST \
https://localhost:8200/v1/ethereum/addresses | jq .
The example below shows output for a query path of /ethereum/addresses/
when there are 3 addresses.
{
"request_id": "3e53a65b-9910-f5b7-1d42-b6bb83fcfc2c",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"keys": [
"0x36d1f896e55a6577c62fdd6b84fbf74582266700",
"0x7b715f8748ef586b98d3e7c88f326b5a8f409cd8",
"0x4169c9508728285e8a9f7945d08645bb6b3576e5"
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will list the names associated with an address.
Method | Path | Produces |
---|---|---|
GET |
:mount-path/names/:address |
200 application/json |
address
(string: <required>
) - Specifies the address of the account to read. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/addresses/0xb56b2dd44073d87cbac5d4a3655354b3762178ee | jq .
The example below shows output for a read of /ethereum/addresses/0xb56b2dd44073d87cbac5d4a3655354b3762178ee
.
{
"request_id": "087d361d-127b-a277-d023-283208f62743",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"names": [
"muchwow"
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will return the balance for an address.
Method | Path | Produces |
---|---|---|
GET |
:mount-path/addresses/:address/balance |
200 application/json |
address
(string: <required>
) - Specifies the address of the account. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/mainnet/addresses/0x4169c9508728285e8a9f7945d08645bb6b3576e5/balance | jq .
The example below shows output for the successful verification of a signature created by /ethereum/accounts/test
.
{
"request_id": "d772820e-bbc1-acd1-2aed-1107e72a857e",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0x4169c9508728285e8a9f7945d08645bb6b3576e5",
"balance": "10000000000000000",
"balance_in_usd": "2.99183586901"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will verify that this account signed some data.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/addresses/:address/verify |
200 application/json |
address
(string: <required>
) - Specifies the address of the account to use for signing. This is specified as part of the URL.data
(string: <required>
) - Some data.signature
(string: <required>
) - The signature to verify.
{
"data": "this is very important"
"signature": "0x90a8712c948b5dfe412ca7e2082be9ef6ddf318a9aaf9183b702c0d1ee180d9d1f97683cb52026dc0de0b6033237cf421a27e88e7d0e608ac4778a9dcfd8818000"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/addresses/0xb56b2dd44073d87cbac5d4a3655354b3762178ee/verify | jq .
The example below shows output for the successful verification of a signature created by /ethereum/accounts/test
.
{
"request_id": "f806212d-087c-7378-dd85-676701aeabb7",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0xb56b2dd44073d87cbac5d4a3655354b3762178ee",
"signature": "0x90a8712c948b5dfe412ca7e2082be9ef6ddf318a9aaf9183b702c0d1ee180d9d1f97683cb52026dc0de0b6033237cf421a27e88e7d0e608ac4778a9dcfd8818000",
"verified": true
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will read details associated with a block.
Method | Path | Produces |
---|---|---|
GET |
:mount-path/block/:number |
200 application/json |
number
(string: <required>
) - Specifies the number of the block to read. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/block/2800568 | jq .
The example below shows output for a read of /ethereum/block/2800568
.
{
"request_id": "5ac451bd-d66a-5f03-9541-1ccecde26223",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"block": 2800568,
"block_hash": "0x00890448fbdc2000e3e70a66d0b9ac8eaa8d18606512af268e2542ca9d550e3d",
"difficulty": 2,
"time": 1534078628,
"transaction_count": 13
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will read transactions associated with a block.
Method | Path | Produces |
---|---|---|
GET |
:mount-path/block/:number/transactions |
200 application/json |
number
(string: <required>
) - Specifies the number of the block to read. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/block/2800568/transactions | jq .
The example below shows output for a read of /ethereum/block/2800568/transactions
.
{
"request_id": "67f5e340-da54-aa64-bbab-598483c9f213",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"0x0c10dc4158ddb4b3464b3519695661a3b73556bcd1a6d5833aa46d0275749e39": {
"address_to": "0xc0e15E11306334258d61fEe52a22D15e6c9C59e0",
"gas": 3000000,
"gas_price": 1000000000,
"nonce": 73902,
"value": "0"
},
"0x3c45da76247826473e2227b4a8eb3a9fb45280c05b4ecef1d6993087e91cfb58": {
"address_to": "0xc51b536AD6169bb7F8c893FF4b744d03433455cB",
"gas": 277468,
"gas_price": 1000000000,
"nonce": 134957,
"value": "0"
},
"0x3d26e1d8470d85556fd6a04ec832b5e8cfcbfb306b8ebb94bf030996ca3c7cd4": {
"address_to": "0xc51b536AD6169bb7F8c893FF4b744d03433455cB",
"gas": 373558,
"gas_price": 1000000000,
"nonce": 134958,
"value": "0"
},
"0x4773f64900d9ae460c72ca478fe2d122027b9dbc0433a40deb62d48ca068b108": {
"address_to": "0x97e3bA6cC43b2aF2241d4CAD4520DA8266170988",
"gas": 1200000,
"gas_price": 1000000000,
"nonce": 27861,
"value": "0"
},
"0x4fcb5de0ad524d63df206593fd0c0b6e74d9d62919685b2ad6e3bbdeb9753c2e": {
"address_to": "0x58dcf18084A320670F9abb059312AE60610bda58",
"gas": 4500000,
"gas_price": 1000000000,
"nonce": 13537,
"value": "0"
},
"0x5aa13eba92ebed85199c7b563cca567dc2ab927cff01f6785274f4174acc93a8": {
"address_to": "0x17dA6A8B86578CEC4525945A355E8384025fa5Af",
"gas": 100000,
"gas_price": 1000000000,
"nonce": 277,
"value": "1000000000000000000"
},
"0x718fa59d7ef2bc9f2ee9642d9357449509ce4e6f14a8e2d0c820d7cfc7dc7535": {
"address_to": "0xc0e15E11306334258d61fEe52a22D15e6c9C59e0",
"gas": 3000000,
"gas_price": 1000000000,
"nonce": 73963,
"value": "0"
},
"0xa173a5237e034fc54638a1dcf10343f29c0dc2dd8b8b1a25a7d370539e183bd9": {
"address_to": "0xc51b536AD6169bb7F8c893FF4b744d03433455cB",
"gas": 377718,
"gas_price": 1000000000,
"nonce": 52914,
"value": "0"
},
"0xa737cb951ab32c1b71a521809bab2f4b34234d27abd0ac0c6fac29d480ed6748": {
"address_to": "0x08Fe64C8B476c9cC776d8A0Ad5bB50e29D83A970",
"gas": 3000000,
"gas_price": 1000000000,
"nonce": 340,
"value": "0"
},
"0xaa322a7ebc3225029ef24a9fde80b2869deacc0a64b14533d07e52fff4542141": {
"address_to": "0xcB912023AaEB5057BeDB13c937E0519cED0D627A",
"gas": 400000,
"gas_price": 1000000000,
"nonce": 32859,
"value": "0"
},
"0xb11f44837f56205f6695c258c7e25ce6dc81f3c746d55ece8a22375147cfa34f": {
"address_to": "0x39394Ad63206DE2cd86881e1D20ff1621566e482",
"gas": 500000,
"gas_price": 1000000000,
"nonce": 22685,
"value": "0"
},
"0xc4c44fc474f2aa27e9ac651fdf3a109984c464a5859db47d5cb2cfdc93f52788": {
"address_to": "0xc51b536AD6169bb7F8c893FF4b744d03433455cB",
"gas": 275388,
"gas_price": 1000000000,
"nonce": 70743,
"value": "0"
},
"0xd64b823fcb714b6811c9790e7219ef1836e5568e5bdf2e7385a1b910178c7de8": {
"address_to": "0xCFe52FEDF5fc3b92ABA3D43b96B4Ae1d0b39062c",
"gas": 3000000,
"gas_price": 1000000000,
"nonce": 14,
"value": "0"
}
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint configure the plugin at a mount.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/config |
200 application/json |
rpc_url
(string: <optional> default:"https://rinkeby.infura.io"
) - Specifies the RPC URL of the Ethereum node.chain_id
(string: <optional> default:"4"
) - Specifies the Ethereum network. Defaults to Rinkeby.bound_cidr_list
(string array: <optional>
) - Comma delimited list of allowed CIDR blocks.api_key
(string: <optional>
) - The Coinmarketcap API key.
{
"chain_id": "4",
"rpc_url": "https://rinkeby.infura.io"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @config.json \
https://localhost:8200/v1/ethereum/config | jq .
The example below shows output for the successful creation of a mount's configuration.
{
"request_id": "086c19b4-e07a-55ba-5ba3-3819b9c0b1da",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"api_key": "",
"bound_cidr_list": null,
"chain_id": "4",
"rpc_url": "https://rinkeby.infura.io"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint reconfigures the plugin at a mount.
Method | Path | Produces |
---|---|---|
PUT |
:mount-path/config |
200 application/json |
rpc_url
(string: <optional> default:"https://rinkeby.infura.io"
) - Specifies the RPC URL of the Ethereum node.chain_id
(string: <optional> default:"4"
) - Specifies the Ethereum network. Defaults to Rinkeby.bound_cidr_list
(string array: <optional>
) - Comma delimited list of allowed CIDR blocks.api_key
(string: <optional>
) - The Coinmarketcap API key.
{
"chain_id": "4",
"rpc_url": "https://rinkeby.infura.io"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request PUT \
--data @config.json \
https://localhost:8200/v1/ethereum/config | jq .
The example below shows output for the successful update of a mount's configuration.
{
"request_id": "086c19b4-e07a-55ba-5ba3-3819b9c0b1da",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"api_key": "",
"bound_cidr_list": null,
"chain_id": "4",
"rpc_url": "https://rinkeby.infura.io"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint returns the configuration of a plugin at a mount.
Method | Path | Produces |
---|---|---|
GET |
:mount-path/config |
200 application/json |
None
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/config | jq .
The example below shows output for the mount's configuration.
{
"request_id": "086c19b4-e07a-55ba-5ba3-3819b9c0b1da",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"api_key": "",
"bound_cidr_list": null,
"chain_id": "4",
"rpc_url": "https://rinkeby.infura.io"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will convert one Ethereum unit to another.
Method | Path | Produces |
---|---|---|
POST/PUT |
:mount-path/convert |
200 application/json |
amount
(string: <required>
) - Specifies amount to convert.unit_from
(string: <required>
) - Specifies unit to convert from.unit_to
(string: <required>
) - Specifies unit to convert to.
{
"unit_from": "wei",
"unit_to": "eth",
"amount": "200000000000000000"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @convert.json \
https://localhost:8200/v1/ethereum/convert | jq .
The example below shows output for the successful export of the keystore for /ethereum/accounts/test
.
{
"request_id": "125314b7-7d7d-5c30-daa2-05d3680a68ea",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"amount_from": "200000000000000000",
"amount_to": "0.2",
"unit_from": "wei",
"unit_to": "ether"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will export a JSON Keystore for use in another wallet.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/accounts/:name/export |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to export. This is specified as part of the URL.path
(string: <required>
) - The directory where the JSON keystore file will be exported to.
{
"path":"/Users/cypherhat/.ethereum/keystore"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/export/test | jq .
The example below shows output for the successful export of the keystore for /ethereum/accounts/test
.
{
"request_id": "47e3ef56-e2ba-3895-d61b-d9615df1560c",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"passphrase": "routing-explode-slander-satiable-stardom-cope-cranium-upriver-unfold",
"path": "/Users/cypherhat/.ethereum/keystore/UTC--2018-08-19T20-05-13.985145605Z--36d1f896e55a6577c62fdd6b84fbf74582266700"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will import a JSON Keystore and passphrase into Vault at a path. It will create an account and map it to the :mount-path/accounts/:name
. If an account already exists for this name, the operation fails.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/import/:name |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to create. This is specified as part of the URL.path
(string: <required>
) - The path of the JSON keystore file.passphrase
(string: <required>
) - Thepassphrase
that was used to encrypt the keystore.
Be careful with those passphrases!
read -s PASSPHRASE; read PAYLOAD_WITH_PASSPHRASE <<EOF
{"path":"/Users/cypherhat/.ethereum/keystore/UTC--2017-12-01T23-13-37.315592353Z--a152e7a09267bcff6c33388caab403b76b889939", "passphrase":"$PASSPHRASE"}
EOF
unset PASSPHRASE
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data $PAYLOAD_WITH_PASSPHRASE \
https://localhost:8200/v1/ethereum/import/test3 | jq .
unset PAYLOAD_WITH_PASSPHRASE
The example below shows output for the successful creation of /ethereum/accounts/test3
.
{
"request_id": "139fc04e-a4be-7775-7df1-ec4c789ccc53",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0x36d1f896e55a6577c62fdd6b84fbf74582266700",
"blacklist": null,
"spending_limit_total": "",
"spending_limit_tx": "",
"total_spend": "",
"whitelist": null
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will list all account names.
Method | Path | Produces |
---|---|---|
LIST |
:mount-path/names |
200 application/json |
path
(string: <required>
) - Specifies the path of the accounts to list. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request LIST \
https://localhost:8200/v1/ethereum/names | jq .
The example below shows output for a query path of /ethereum/names/
when there are 3 addresses.
{
"request_id": "3e53a65b-9910-f5b7-1d42-b6bb83fcfc2c",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"keys": [
"test",
"test3",
"lesswow"
]
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will list the addreses associated with a named account.
Method | Path | Produces |
---|---|---|
GET |
:mount-path/names/:name |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to read. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/names/muchwow | jq .
The example below shows output for a read of /ethereum/names/muchwow
.
{
"request_id": "57556ed7-da99-ee4d-fbf0-2feaed17e5b9",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0xb56b2dd44073d87cbac5d4a3655354b3762178ee"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will return the balance for an address.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/names/:name/balance |
200 application/json |
name
(string: <required>
) - Specifies the name of the account This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/mainnet/addresses/immutability/balance | jq .
The example below shows output for the successful verification of a signature created by /ethereum/accounts/test
.
{
"request_id": "d772820e-bbc1-acd1-2aed-1107e72a857e",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0x4169c9508728285e8a9f7945d08645bb6b3576e5",
"balance": "10000000000000000",
"balance_in_usd": "2.99183586901"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will verify that this account signed some data.
Method | Path | Produces |
---|---|---|
POST |
:mount-path/names/:name/verify |
200 application/json |
name
(string: <required>
) - Specifies the name of the account to use for signing. This is specified as part of the URL.data
(string: <required>
) - Some data.signature
(string: <required>
) - The signature to verify.
{
"data": "this is very important"
"signature": "0x90a8712c948b5dfe412ca7e2082be9ef6ddf318a9aaf9183b702c0d1ee180d9d1f97683cb52026dc0de0b6033237cf421a27e88e7d0e608ac4778a9dcfd8818000"
}
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data @payload.json \
https://localhost:8200/v1/ethereum/name/test/verify | jq .
The example below shows output for the successful verification of a signature created by /ethereum/accounts/test
.
{
"request_id": "f806212d-087c-7378-dd85-676701aeabb7",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address": "0x36d1f896e55a6577c62fdd6b84fbf74582266700",
"signature": "0x90a8712c948b5dfe412ca7e2082be9ef6ddf318a9aaf9183b702c0d1ee180d9d1f97683cb52026dc0de0b6033237cf421a27e88e7d0e608ac4778a9dcfd8818000",
"verified": true
},
"wrap_info": null,
"warnings": null,
"auth": null
}
This endpoint will read details associated with a transaction hash.
Method | Path | Produces |
---|---|---|
GET |
:mount-path/transaction/:transaction_hase |
200 application/json |
transaction_hase
(string: <required>
) - Specifies the transaction hash to read. This is specified as part of the URL.
$ curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
--request GET \
https://localhost:8200/v1/ethereum/transaction/0x4773f64900d9ae460c72ca478fe2d122027b9dbc0433a40deb62d48ca068b108 | jq .
The example below shows output for a read of /ethereum/transaction/0x4773f64900d9ae460c72ca478fe2d122027b9dbc0433a40deb62d48ca068b108
.
{
"request_id": "fc524980-a91b-a1f8-2815-ba1aa67aa70f",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address_from": "0x674647242239941b2D35368e66A4EdC39b161Da9",
"address_to": "0x97e3bA6cC43b2aF2241d4CAD4520DA8266170988",
"gas": 1200000,
"gas_price": 1000000000,
"nonce": 27861,
"pending": false,
"receipt_status": 1,
"transaction_hash": "0x4773f64900d9ae460c72ca478fe2d122027b9dbc0433a40deb62d48ca068b108",
"value": "0"
},
"wrap_info": null,
"warnings": null,
"auth": null
}