Accessing a Private API

Learn how to connect any Private API onchain for consumption with SEDA.

Accessing a Private API

Data proxies allow developers to expose an entire suite of private data to Oracle Programs on the SEDA network with a single integration. Data Providers can set a fee that is earned for every data request that utilizes their Data Proxy and private data or simply consume it their self in a whitelisted environment.

_{⚠ Important}_{: Data providers that deploy or operate a data proxy connected to the SEDA Network do so independently and at their sole risk. SEDA provides its infrastructure and services strictly “AS IS”, “AS AVAILABLE”, and “WITH ALL FAULTS”, without any warranties of any kind, whether express or implied. SEDA expressly disclaims all liability, including but not limited to, any reliance on the content, information, or materials available on its sites, documentation, or services, any loss, error, outage, security incident, inaccuracy, or unavailability arising from or related to its infrastructure, services, or data. Data providers are solely responsible for their own infrastructure, data accuracy and legality, security, regulatory compliance, and for any claims, damages, or liabilities (including those bought by users or third parties) arising from or related to their proxies or data. Nothing herein constitutes legal, financial, investment, or other professional advice, nor does it any form of contract, solicitation, recommendation, commitment, or offer to buy or sell. Access to and use of any part of SEDA is subject to the most current SEDA}_{Terms of Service}_.

Introduction to the Data Proxy

A Data proxy is a simple middleware component that acts as a pipeline or connector between any API and the SEDA network by holding an API key that has access to the data provider’s services.

Additionally, Data Proxies verify conditions to inbound HTTP requests, checking that the requester is part of the SEDA network and that if applicable the provider’s fees have been paid. Additionally, they allow providers to add an SECP private key to the proxy, which would be used to sign the data before it’s forwarded back to the requester, adding additional security and verifiability.

In the end, the proxy nodes allow data providers to expose their entire suite of APIs through a single, one-time deployment and when applicable earn value based on onchain demand with minimal technical overhead or maintenance.

Request Flow

Response Flow

System Requirements

The Data Proxy implementation is lightweight, allowing it to run with minimal infrastructure requirements:

Compute: 2 vCPU
Memory: 1 GB RAM
Storage: 100 MB for the binary (approx. 3 GB GNU/Linux instance)

The Data Proxy efficiently handles hundreds of requests per second, providing latency and throughput that are well-suited to meet current and near-future SEDA protocol demands.

Scaling Up

If performance needs to be boosted beyond vertical scaling, horizontal scaling is straightforward due to its minimal resource footprint. Depending on your existing infrastructure, consider the following strategies:

Load Balancing: Use tools like AWS ELB, NGINX, or HAProxy to distribute traffic across multiple proxy nodes.
Auto-Scaling: Implement cloud-based auto-scaling groups (e.g., Amazon EC2 Auto Scaling) to dynamically adjust instance counts based on traffic.
Container Orchestration: Utilize Kubernetes or managed services such as Amazon EKS/Fargate for efficient management and scaling of containerized instances.

These approaches ensure that your Data Proxy deployment remains scalable and resilient, adapting seamlessly to varying workloads.

Operating and Running a Data Proxy

Below is a step-by-step guide to initializing and running a Data Proxy to the SEDA Network

Prerequisites

Install Bun:

curl -fsSL https://bun.sh/install | bash

Clone the Data Proxy directory:

git clone https://github.com/sedaprotocol/seda-data-proxy.git ./my-project

Install the project dependencies:

cd ./my-project

bun install

Checkout the CLI commands:

bun start --help

Preparing a Data Proxy Node

Note: The SEDA network won't be able to access your proxy node unless you expose it on a public IP or domain.

Start by generating the config.json (mandatory) and data-proxy-private-key.json. The private key will be used for for signing data. It can also be passed with the following environment variable: SEDA_DATA_PROXY_PRIVATE_KEY. The environment variable takes precedence over the default key file, but when an explicit key file is specified that will take precedence.

bun start init

{
    "routeGroup": "proxy", // Will host at myproxy.com/proxy
    "routes": [
        {
            "path": "/*",
            "upstreamUrl": "https://myapi.com/endpoint/{*}", // {*} will be string replaced with user's api endpoint
            "headers": {
                "x-api-key": "MY-API-KEY",
                "accept": "application/json"
            }
        }
    ]
}

Registering a Node

Next you'll need to register your data proxy on the SEDA network. This can be done through a CLI command which will create a transaction for you which you can submit through the SEDA explorer.

bun start register <payout_address> <fee>

payout_address: Required. The SEDA address on which you would like to receive the payout for provided services.
<fee>: Required. The amount of SEDA you want to charge per request.
--memo: Optional. Free form text you can attach to your data proxy registration.

Clicking on the link will take you to the SEDA explorer where you can double check the attributes before connecting a wallet and signing the transaction. The address of the wallet which signed the transaction will be the admin of the data proxy: they're able to change the payout_address, memo, and submit fee updates. Admin ownership can be changed through the explorer by submitting a transaction.

Example invocation and output:

$ bun start register seda1lyfkj6xwecq3462qa683s78weexhp7d72ku3qf 1

# Should output something like the following
Fee amount: 		1 SEDA (1000000000000000000aseda)
Payout address: 	seda1lyfkj6xwecq3462qa683s78weexhp7d72ku3qf
Signed hash: 		ddca6a941e3db1e30aefb00816636bdf9346a103ec1ac7926036867d6a7e7889
Public key: 		0267f09f7a6b1f0be3458edd1aab59d00a4f7e827cd9a37624f94642f5ebd8e82c
Signature: 		b0e4b8ee137c983a74d07d21533d4b9119abb7cc82fb6ba0bc43a08cacb9c55777de3552ad4f7fab397e214b39114ca88951d6a1d54bdbe4db921955bc498169
Signature recovery id: 	1

Submit your transaction on:
https://devnet.explorer.seda.xyz/data-proxy/register?fee=1000000000000000000aseda&payoutAddress=seda1lyfkj6xwecq3462qa683s78weexhp7d72ku3qf&publicKey=0267f09f7a6b1f0be3458edd1aab59d00a4f7e827cd9a37624f94642f5ebd8e82c&signature=b0e4b8ee137c983a74d07d21533d4b9119abb7cc82fb6ba0bc43a08cacb9c55777de3552ad4f7fab397e214b39114ca88951d6a1d54bdbe4db921955bc498169&recoveryId=1&memo=

Verifying Data Proxy Configuration

Before starting the data proxy, you can run the validation command to make sure that it has been set up properly. Run the command with the --silent flag to get summary information.

bun run start validate

Running a Data Proxy

To start your proxy execute the following command:

bun start run

# The console will output something similiar:
2024-08-19 13:21:46.624 info: Proxy routes is at <http://127.0.0.1:5384/proxy/>

Your proxy is now running and ready to receive requests from the SEDA network.

Debugging

By default the data proxy node will validate that incoming requests originate from the SEDA network by eligible entities. If you want to verify everything is set up correctly you can pass the --disable-proof flag when starting the binary; this disables all incoming request verification on the proxy.

# Start the proxy without the request proof mechanism so it's easier to debug
bun start run --disable-proof

Configuration

Route Group

All proxy routes are grouped under a single path prefix, by default this is "proxy". You can change this by specifying the routeGroup attribute in the config.json:

{
  "routeGroup": "custom",
  // Rest of config
}

Base URL

In case you want to have software in front of the data proxy to handle the request (such as another proxy or an API management solution) it's possible that the public URL of the data proxy is different from the URL that the data proxy services. This causes a problem in the tamper proofing mechanism since the data proxy needs to sign the request URL, in order to prove that the overlay node did not change the URL. To prevent this you can specify the baseURL option in the config.json:

{
  "routeGroup": "proxy",
  "baseURL": "https://my-public-data-proxy.com"
}

Just the protocol and host should be enough, no trailing slash.

Should you do additional path rewriting in the proxy layer you can add that to the baseURL option, but this is not recommended.

Multiple Routes

A single data proxy can expose different data sources through a simple mapping in the config.json. The routes attribute takes an array of proxy route objects which can each have their own configuration.

The two required attributes are path and upstreamUrl. These specify how the proxy should be called and how the proxy should call the upstream. By default a route is configured as GET, but optionally you can specify which methods the route should support with the method attribute.

{
  "routeGroup": "proxy",
  "routes": [
    {
      "path": "/eth-usd",
      "upstreamUrl": "https://myapi.com/eth-usd"
      // Default method is GET
    },
    {
      "path": "/btc-usd",
      "upstreamUrl": "https://myapi.com/btc-usd",
      // You can set multiple methods for the same route
      "method": ["GET", "HEAD"]
    },
  ],
}

The OPTIONS method is reserved and cannot be used for a route.

Base URL per route

In addition to specifying the baseURL at the root level you can also specify it per route. The baseURL at the route level will take precedence over one at the root level.

{
  "routeGroup": "proxy",
  "baseURL": "https://data-proxy.com",
  "routes": [
    {
      // This route will use the "baseURL" from the root
      "path": "/eth-usd",
      "upstreamUrl": "https://myapi.com/eth-usd"
    },
    {
      // This route will use its own "baseURL"
      "baseURL": "https://btc.data-proxy.com",
      "path": "/btc-usd",
      "upstreamUrl": "https://myapi.com/btc-usd"
    },
  ],
}

Upstream Request Headers

Should your upstream require certain request headers you can configure those in the routes object. All headers specified in the headers attribute will be sent to the upstream in addition to headers specified by the original request.

{
  "routeGroup": "proxy", 
  "routes": [
    {
      "path": "/eth",
      "upstreamUrl": "https://myapi.com/endpoint/eth",
      "headers": {
        "x-api-key": "MY-API-KEY",
        "accept": "application/json"
      }
    }
  ]
}

Environment Variable Injection

Sometimes you don't want to expose your API key in a config file, or you have multiple environments running. The data proxy node has support for injecting environment variables through the {$MY_ENV_VARIABLE} syntax to the headers or the upstream URL.

{
  "routeGroup": "proxy",
  "routes": [
    {
      "path": "/odds",
      "upstreamUrl": "https://swapi.dev/api/my-odds",
      "headers": {
        "x-api-key": "{$SECRET_API_KEY}",
      },
    },
  ],
}

Environment variables are evaluated during startup of the data proxy. If it detects variables in the config which aren't present in the environment the process will exit with an error message detailing which environment variable it was unable to find.

Path Parameters

The routes objects have support for path parameter variables and forwarding those to the upstream. Simply declare a variable in your path with the :varName syntax and reference them in the upstreamUrl with the {:varName} syntax. See below for an example:

{
  "routeGroup": "proxy",
  "routes": [
    {
      "path": "/:coinA/:coinB",
      // Use {} to inject route variables
      "upstreamUrl": "https://myapi.com/{:coinA}-{:coinB}"
    },
  ],
}

Forwarding Response Headers

By default the data proxy node will only forward the content-type header from the upstream response. If required you can specify which other headers the proxy should forward to the requesting client:

{
  "routeGroup": "proxy",
  "routes": [
    {
      "path": "/planets/:planet",
      "upstreamUrl": "https://swapi.dev/api/planets/{:planet}",
      // Now the API will also return the server header from SWApi
      "forwardResponseHeaders": ["content-type", "server"],
      "headers": {
        "x-api-key": "some-api-key",
      },
    },
  ],
}

Wildcard routes

The Data Proxy node has support for wildcard routes, which allows you to quickly expose all your APIs:

{
  "routeGroup": "proxy",
  "routes": [
    {
      // The whole path will be injected in the URL
      "path": "/*",
      "upstreamUrl": "https://swapi.dev/api/{*}",
      "headers": {
        "x-api-key": "some-api-key",
      },
    },
  ],
}

JSON path

If you don't want to expose all API info you can use jsonPath to return a subset of the response:

{
  "routeGroup": "proxy",
  "routes": [
    {
      "path": "/planets/:planet",
      "upstreamUrl": "https://swapi.dev/api/planets/{:planet}",
      // Calling the API http://localhost:5384/proxy/planets/1 will only return "Tatooine" and omit the rest
      "jsonPath": "$.name",
      "headers": {
        "x-api-key": "some-api-key",
      },
    },
  ],
}

Status Endpoint

The Data Proxy node has support for exposing status information through some endpoints. This can be used to monitor the health of the node and the number of requests it has processed.

The status endpoint has two routes:

/status/health Returns a JSON object with the following structure:

{
  "status": "healthy",
  "metrics": {
    "uptime": "P0Y0M1DT2H3M4S", // ISO 8601 duration since the node was started
    "requests": 1024, // Number of requests processed
    "errors": 13 // Number of errors that occurred
  }
}

/status/pubkey Returns the public key of the node.

{
  "pubkey": "031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f"
}

Status Configuration

The status endpoints can be configured in the config file under the statusEndpoints attribute:

{
  // Other config...
  "statusEndpoints": {
    "root": "status",
    // Optional
    "apiKey": {
      "header": "x-api-key",
      "secret": "some-secret"
    }
  }
}

root: Root path for the status endpoints. Defaults to status.
apiKey: Optionally secure the status endpoints with an API key. The header attribute is the header key that needs to be set, and secret is the value that it needs to be set to. The statusEndpoints.apiKey.secret attribute supports the {$MY_ENV_VARIABLE} syntax for injecting a value from the environment during start up.

PreviousExplore Supported Feeds NextAccessing a Public API

Last updated 16 hours ago

Was this helpful?

hashtagContents

hashtagAccessing a Private API

hashtagIntroduction to the Data Proxy

hashtagRequest Flow

hashtagResponse Flow

hashtagSystem Requirements

hashtagScaling Up

hashtagOperating and Running a Data Proxy

hashtagPrerequisites

hashtagPreparing a Data Proxy Node

hashtagRegistering a Node

hashtagExample invocation and output:

hashtagVerifying Data Proxy Configuration

hashtagRunning a Data Proxy

hashtagDebugging

hashtagConfiguration

hashtagRoute Group

hashtagBase URL

hashtagMultiple Routes

hashtagBase URL per route

hashtagUpstream Request Headers

hashtagEnvironment Variable Injection

hashtagPath Parameters

hashtagForwarding Response Headers

hashtagWildcard routes

hashtagJSON path

hashtagStatus Endpoint

hashtagStatus Configuration

Contents