Authorizations
Authorizations use scheme types that map values that in turn provide access to an Airnode's endpoints. These are stored in the same file that defines the Airnode, its config.json file. These values are endpointId/address pairs that Airnode uses to allow access to its endpoints by requesters (smart contracts). Blockchain experience is not needed to use authorizations as Airnode performs these validations internally (off-chain). Nothing in Authorizers can supersede permissions granted by authorizations as the latter takes precedence.
The diagram below illustrates how Airnode utilizes authorizations.
When Airnode starts it reads its list of authorizations (endpointId/address pairs) declared in config.json.
Airnode validates each request, checking that the requested endpoint and the address of the requester are in fact in authorizations as a valid endpointId/address pair. For requests that are validated, Airnode proceeds to fulfill the request.
Are authorizations required?
Authorizations are not required. An Airnode operator could use Authorizers or Relayed Meta Data. It is possible to use both authorizers and relay security schemes together.
Why is an authorizations scheme needed?
Airnodes need the ability to fulfill requests selectively. This is required for two main reasons:
- The Airnode only fulfills requests made by requesters who have made payment to the Airnode owner, which allows them to monetize their services.
- The Airnode owner only allows requester contracts it owns access to certain endpoints.
- The services of the Airnode are sensitive and can only be accessed by certain requesters, e.g., who have gone through KYC.
A protocol that does not have the authorizations scheme or equivalent functionality cannot be considered as permissionless, and will not be able to achieve wide-spread adoption.
Currently there is only one authorization scheme type, see requesterEndpointAuthorizations. The authorizations scheme type is set in chains[n].authorizations.{<authorizationsSchemeType>} of config.json.
chains[n].authorizations:{requesterEndpointAuthorizations:{}},
requesterEndpointAuthorizations
Currently requesterEndpointAuthorizations is the only scheme type available for authorizations. It defines a list of endpointIds each with an array of requester addresses that can access them.
{
  ...
  "chains":[
    {
      "id": "1",
      ...
      "authorizers": {            The scheme type requesterEndpointAuthorizations
      },                          grants access to endpointId/address pairs
      "authorizations": {         ⬇︎
        "requesterEndpointAuthorizations": {
          "0x6db9...7af6": ["0xdhrt...A498"],
          "0x8dd9...5ad7": ["0xdhrt...A498", "0xcse0...D236"],
                ⬆︎                 ⬆︎               ⬆︎
            endpointId            requester addresses
        }
      },
    },
  ]
}
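The check described above, as an added example (not Airnode's own code): it loads requesterEndpointAuthorizations per chain and allows a request only when its endpointId/address pair is listed for that chain. The function names, the strict hex validation and the case-insensitive address comparison are assumptions of this example.

```javascript
// Added example, not Airnode source. Function names are hypothetical.
const ENDPOINT_ID = /^0x[0-9a-fA-F]{64}$/; // assumed: 32-byte hex endpointId
const ADDRESS = /^0x[0-9a-fA-F]{40}$/; // assumed: 20-byte hex requester address

// Build chainId -> endpointId -> Set(requester) from a parsed config.json.
// Malformed entries throw at load time so a typo is not silently dropped.
function loadAuthorizations(config) {
  const byChain = new Map();
  for (const chain of config.chains ?? []) {
    const pairs = chain.authorizations?.requesterEndpointAuthorizations ?? {};
    const byEndpoint = new Map();
    for (const [endpointId, requesters] of Object.entries(pairs)) {
      if (!ENDPOINT_ID.test(endpointId) || !Array.isArray(requesters)) {
        throw new Error(`chain ${chain.id}: invalid entry for ${endpointId}`);
      }
      const allowed = new Set();
      for (const r of requesters) {
        if (typeof r !== 'string' || !ADDRESS.test(r)) {
          throw new Error(`chain ${chain.id}: invalid requester ${r}`);
        }
        allowed.add(r.toLowerCase()); // checksum casing must not affect the match
      }
      byEndpoint.set(endpointId.toLowerCase(), allowed);
    }
    byChain.set(String(chain.id), byEndpoint);
  }
  return byChain;
}

// Default deny: an unknown chain, an unlisted endpointId or an unlisted
// requester all return false. Only an exact listed pair is authorized.
function isAuthorized(authz, chainId, endpointId, requester) {
  if (typeof endpointId !== 'string' || typeof requester !== 'string') return false;
  const allowed = authz.get(String(chainId))?.get(endpointId.toLowerCase());
  return allowed !== undefined && allowed.has(requester.toLowerCase());
}

// Constructed sample values (not real endpointIds or addresses).
const EP_A = '0x' + 'a1'.repeat(32);
const EP_B = '0x' + 'b2'.repeat(32);
const REQ_1 = '0x' + 'Ab'.repeat(20);
const REQ_2 = '0x' + 'cD'.repeat(20);
const pairsFor = (pairs) => ({ requesterEndpointAuthorizations: pairs });
const sampleConfig = { chains: [
  { id: '1', authorizations: pairsFor({ [EP_A]: [REQ_1], [EP_B]: [REQ_1, REQ_2] }) },
  { id: '5', authorizations: pairsFor({}) },
] };
const authz = loadAuthorizations(sampleConfig);
console.log(isAuthorized(authz, '1', EP_A, REQ_1)); // listed pair
console.log(isAuthorized(authz, '1', EP_A, REQ_2)); // listed only for EP_B
```

Because the pairs sit under chains[n], a requester listed on one chain is not authorized on another unless the pair is repeated there.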
More reading...
Other docs related to authorizations and relayed meta data:
- Reference ➙ Deployment Files ➙ config.json
- API Providers ➙ Build an Airnode ➙ Using Authorizations
- API Providers ➙ Build an Airnode ➙ API Security ➙ Relayed Meta Data Security Schemes