Grin-Wallet JSON-RPC api not working?

Tech Support
#1

I can’t seem to communicate to grin-wallet via json-rpc. I’m just testing using curl.
Referencing: https://github.com/mimblewimble/docs/wiki/Wallet-JSON-RPC-API-Guide

I try:
curl -0 -X POST -u grin:`cat ~/.grin/main/.api_secret` --data '{"jsonrpc":"2.0","method":"retrieve_summary_info","params":[true, 10],"id":1}' http://127.0.0.1:3415/v2/owner

and get no response. If I try port 3420 it says connection refused. halp?
(some specs: ubuntu 18, grin 4.0.2, grin-wallet 4.0.0)

Output after starting grin-wallet listen (removed addresses):

20200827 02:28:30.015 WARN grin_wallet_controller::controller - Starting TOR Hidden Service for API listener at address <tor-address>, binding to 0.0.0.0:3415
20200827 02:28:32.225 WARN grin_wallet_controller::controller - Starting HTTP Foreign listener API server at 0.0.0.0:3415.
20200827 02:28:32.226 WARN grin_wallet_controller::controller - HTTP Foreign listener started.
20200827 02:28:32.226 WARN grin_wallet_controller::controller - Slatepack Address is: <slatepack_addr>

Here is my config: /home/me/.grin/main/grin-wallet.toml

#########################################
### WALLET CONFIGURATION              ###
#########################################
[wallet]
chain_type = "Mainnet"

#host IP for wallet listener, change to "0.0.0.0" to receive grins
api_listen_interface = "0.0.0.0"

#path of TLS certificate file, self-signed certificates are not supported
#tls_certificate_file = "/home/me/fullchain.pem"
#private key for the TLS certificate
#tls_certificate_key = "/home/me/privkey.pem"

#port for wallet listener
api_listen_port = 3415

#port for wallet owner api
owner_api_listen_port = 3420

#path of the secret token used by the API to authenticate the calls
#comment it to disable basic auth
api_secret_path = "/home/me/.grin/main/.owner_api_secret"

#location of the node api secret for basic auth on the Grin API
node_api_secret_path = "/home/me/.grin/main/.api_secret"

#where the wallet should find a running node
check_node_api_http_addr = "http://127.0.0.1:3413"

#include the foreign API endpoints on the same port as the owner
#API. Useful for networking environments like AWS ECS that make
#it difficult to access multiple ports on a single service.
owner_api_include_foreign = false

#where to find wallet files (seed, data, etc)
data_file_dir = "/home/me/.grin/main/wallet_data"

#If true, don't store calculated commits in the database
#better privacy, but at a performance cost of having to
#re-calculate commits every time they're used
no_commit_cache = false

#Whether to use the black background color scheme for command line
dark_background_color_scheme = true

#The exploding lifetime for keybase notification on coins received.
#Unit: Minute. Default value 1440 minutes for one day.
#Refer to https://keybase.io/blog/keybase-exploding-messages for detail.
#To disable this notification, set it as 0.
keybase_notify_ttl = 1440


#########################################
### TOR CONFIGURATION (Experimental)  ###
#########################################
[tor]
skip_send_attempt = false

#Whether to start tor listener on listener startup (default true)
use_tor_listener = true

# TOR (SOCKS) proxy server address
socks_proxy_addr = "0.0.0.0:59050"

#Directory to output TOR configuration to when sending
send_config_dir = "/home/me/.grin/main"


#########################################
### LOGGING CONFIGURATION             ###
#########################################
[logging]

#whether to log to stdout
log_to_stdout = true

#log level for stdout: Error, Warning, Info, Debug, Trace
stdout_log_level = "Info"

#whether to log to a file
log_to_file = true

#log level for file: Error, Warning, Info, Debug, Trace
file_log_level = "Info"

#log file path
log_file_path = "/home/me/.grin/main/grin-wallet.log"

#whether to append to the log file (true), or replace it on every run (false)
log_file_append = true

#maximum log file size in bytes before performing log rotation
#comment it to disable log rotation
log_max_size = 16777216
log_max_files = 32
1 Like
#2

you must run

grin-wallet owner_api

to start the owner api listener

1 Like
#3

ah,

I am still getting no response after starting the owner_api

#4

Still no response. I’m using the same config as shown in op. I run the owner_api via
grin-wallet owner_api
getting:

20200827 06:53:12.893 WARN grin_wallet_controller::controller - Starting HTTP Owner API server at 127.0.0.1:3420.
20200827 06:53:12.893 WARN grin_wallet_controller::controller - HTTP Owner listener started.

I keep that in a screen, and then run:
curl -0 -X POST -u grin:`echo ~/.grin/main/.api_secret` --data '{jsonrpc":"2.0","method":"retrieve_summary_info","params":[true, 10],"id":1}' http://127.0.0.1:3420/v2/owner

and gets no response :confused:

#5

Hmm. well have you run init to create the wallet or opened the wallet?

#6

yes. I’v been doing transactions with the wallet.

#7

perhaps, you need to use this api secret instead
api_secret_path = "/home/me/.grin/main/.owner_api_secret"

The secret file you are using is set to the node api not the wallet api

Try:

curl -0 -X POST -u grin:`echo /home/me/.grin/main/.owner_api_secret` --data '{jsonrpc":"2.0","method":"retrieve_summary_info","params":[true, 10],"id":1}' http://127.0.0.1:3420/v2/owner

Alternatively, just comment out the secret paths in your config file to disable the authentication all together and see if that works.

#8

Thanks, still no response. I am trying on 2 different machines, both ubuntu 18 and same grin/grin-wallet version. I’m getting no response to the unauthenticated calls.

#9

So interestingly when I try api v3, I get a response. Says I must enable encryption via “init_secure_api”. I don’t see this anywhere in the docs, the docs show only v2 methods.

Well I’m still unsure what’s going on, does this mean I compiled a wrong version of grin-wallet… or v3 is also somewhat supported?

curl -0 -X POST -u grin:`cat ~/.grin/main/.owner_api_secret` --data '{"jsonrpc":"2.0","method":"retrieve_summary_info","params":[true, 10],"id":10}' http://127.0.0.1:3420/v3/owner

{
  "error": {
    "code": -32001,
    "message": "Encryption must be enabled. Please call 'init_secure_api` first"
  },
  "id": "1",
  "jsonrpc": "2.0"
}

That same command send to v2, gives no response.

#10

hmmm. I guess v2 must be deprecated on newer versions, maybe one of the devs can give more clear info on this.

in terms of init_secure_api you will need to setup a shared key with the api as described here https://github.com/mimblewimble/grin-rfcs/blob/master/text/0004-full-wallet-lifecycle.md

the process is a bit involved, so you may want to do it programmatically in go or something.

#11

It’s odd, I found the docs.rs docs for grin-wallet 4.0.0
https://docs.rs/grin_wallet_api/4.0.0/grin_wallet_api/

and there is no method on there init_secure_api

curious if any devs know what I’m missing here

#12

It is documented here: https://docs.rs/grin_wallet_api/4.0.0/grin_wallet_api/trait.OwnerRpc.html#tymethod.init_secure_api

It’s just not well explained for noobs. I had this same issue.

#13

Okay, I read the documentation you linked and trying to figure this out. I’m not sure how to 1) make the shared key, and 2) encrypt the api call with that key,

What data exactly is encrypted that goes in the body_enc field in the request:

{
“jsonrpc”: “2.0”,
“method”: “encrypted_response_v3”,
“id”: “1”,
“Ok”: {
“nonce”: “340b…”,
“body_enc”: “3f09c…”
}
}

#14

The first request to init_secure_api method is unencrypted with an ECDH public key as parameter.

Then, the wallet-api sends back some data, I think its the result of some EC math with a different key generated by the wallet api, you take that data and the private key of the key you provided previously to generate the shared secret.

Then, you encrypt all further requests with this shared secret key and place the encrypted data of the request in the body_enc field. The wallet api can securely decrypt these requests based on the shared key.

It is a bit too complex to be done on the command line if you are not familiar with the crypto concepts.

Try this sample instead:

#15

Thanks for the link and explanation. There should be an option to do unencrypted API calls if your only running locally (as would be most cases?) but I’ll look through it and see. I’m almost tempted to just cheat and interface using stdout lol…

#16

I’m almost tempted to just cheat and interface using stdout lol

lol yeah, I think this is what the grin-wallet command line wallet is for.

This is not secure, even on local host, since some malware on your host could easily intercept your keys and steal your money. I believe the only exception to this is if your client is directly linked to the wallet-api binary in the same process as the command line wallet is.

#17

Alright, so I’ve been working on this. Now I have gotten what I need to attempt a init_secure_api call, however I’m not sure what to send for “ecdh public key”. I have a ECDH public key struct in golang, and it looks like:
{curveType, X, Y, big.int}
and I’m not sure how to format that into ecdh_pubkey which is a parameter for the init_secure_api call…

?

#18

You can send it in the request as a hex encoded string.

If you’re using go, have a look at this library: