| description |
|---|
KalyChain API |
Access the KalyChain API using:
The following sections provide information about JSON-RPC, RPC Pub/Sub, and GraphQL.
To enable API access, use the
--rpc-http-enabled,
--ws-http-enabled,
--graphql-http-enabled, and
--Xrpc-ipc-enabled options.
To specify the host the API service listens on, use the
--rpc-http-host,
--rpc-ws-host, and
--graphql-http-host options. The
default host is 127.0.0.1.
To allow remote connections, set the host to 0.0.0.0.
!!! caution
Setting the host to `0.0.0.0` exposes the API service connection on your node to any remote
connection. In a production environment, ensure you use a firewall to avoid exposing your node
to the internet.
To specify the port the API service listens on, use the
--rpc-http-port,
--rpc-ws-port, and
--graphql-http-port options.
The default ports are:
- 8545 for JSON-RPC over HTTP.
- 8546 for JSON-RPC over WebSocket.
- 8547 for GraphQL over HTTP.
To prevent DNS rebinding attacks, Kaly checks incoming HTTP request host headers, WebSocket connections, and GraphQL
requests.
Kaly accepts requests only when hostnames specified using the
--host-allowlist option matches the request host headers.
By default, Kaly accepts requests and connections from localhost and 127.0.0.1.
!!! important
This isn't a permissioning feature.
To restrict access to the API, we recommend using the [Kaly authentication mechanism](authenticate.md)
with username and password authentication or JWT public key authentication.
If your application publishes RPC ports, specify the hostnames when starting Kaly.
!!! example
```bash
kaly --host-allowlist=example.com
```
Specify * for --host-allowlist to effectively disable host protection.
!!! caution
Specifying `*` for `--host-allowlist` is not recommended for production code.
Account management relies on private key management in the client, which is not supported by Kaly.
To send signed transactions, use
eth_sendRawTransaction.
eth_sendTransaction is not implemented.
Kaly does not support the Whisper and Swarm protocols.