API Node
An API node will replicate the state of Treasury (excluding any key material) and host the Treasury API service. It will forward any signed requests to Treasury.
The API service can be reached on any Treasury node, but it's advantageous to separate it out to follow a zero trust model.
Setup
Initialize a Treasury API node using a snapshot, or a genesis file.
- From snapshot
- From genesis file
An API node can be spun up from a snapshot. No decryption key is necessary, as only non-sensitive policy data needs to be replicated initially.
cord genesis init-api --snapshot snapshot.tar --home ${TREASURY_HOME}
The ${TREASURY_HOME}/config/genesis.json file may be copied from any existing Treasury node to initialize from, as it contains the initial policies.
cord genesis init-api --genesis genesis.json --home ${TREASURY_HOME}
The API node may now be started normally, but with --api-node or TREASURY_API_NODE=true set.
cord supervise run --home ${TREASURY_HOME} --backup-dir <path/to/backup-dir> --api-node
You can use the API node as a connecting node as well, by setting --connector or TREASURY_ENABLE_CONNECTOR=true.
Add peers
You should add the API node as a peer to one or more of the Treasury nodes (the engine process) in the treasury.toml file.
This can also be done by running the following command for each node.
cord genesis add-api-peer --node-id "<api-node-id>" --socket "<api-node-socket>" --home ${TREASURY_HOME}
Treasury nodes will make an outgoing connection to peers and validate that their node-id matches.
The connection is robust and will be retried whenever there is an interruption.