{"id":17825435,"url":"https://github.com/soapdog/ssb-rpc-api","last_synced_at":"2025-09-26T12:35:08.222Z","repository":{"id":146158312,"uuid":"122127831","full_name":"soapdog/ssb-rpc-api","owner":"soapdog","description":null,"archived":false,"fork":false,"pushed_at":"2018-04-19T12:19:51.000Z","size":15,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-26T21:00:01.674Z","etag":null,"topics":["plugin","scuttlebot","scuttlebutt"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/soapdog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-02-19T22:20:00.000Z","updated_at":"2018-04-19T12:19:52.000Z","dependencies_parsed_at":"2023-03-30T08:20:42.187Z","dependency_job_id":null,"html_url":"https://github.com/soapdog/ssb-rpc-api","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/soapdog/ssb-rpc-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soapdog%2Fssb-rpc-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soapdog%2Fssb-rpc-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soapdog%2Fssb-rpc-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soapdog%2Fssb-rpc-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/soapdog","download_url":"https://codeload.github.com/soapdog/ssb-rpc-api/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soapdog%2Fssb-rpc-api/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267678448,"owners_count":24126333,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-29T02:00:12.549Z","response_time":2574,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["plugin","scuttlebot","scuttlebutt"],"created_at":"2024-10-27T18:13:50.861Z","updated_at":"2025-09-26T12:35:08.112Z","avatar_url":"https://github.com/soapdog.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ssb-rpc-api\n\nThis is a plugin for [scuttlebutt](http://scuttlebot.io) that provides an HTTP API to `sbot`. \n\n## Access Control\nThe idea behind this plugin is that only authorized apps can connect to `sbot`. Each app is identified by its _HTTP Origin Header_ and a file at `.ssb/allowed_apps.json` contains entries for all the apps that tried contacting `sbot` through this plugin. Example:\n\n```\n{\n  \"apps\": [\n          {\n                  \"origin\": \"http://localhost:3000\",\n                  \"permission\": \"granted\"\n          },\n          {\n                  \"origin\": \"http://localhost:8000\",\n                  \"permission\": \"denied\"\n          },\n          {\n                  \"origin\": \"http://localhost:8001\",\n                  \"permission\": \"retry\"\n          }\n  ]\n}\n```\n\nThere are three states that an app can be in this file \u0026mdash; granted, denied, retry \u0026mdash; with the later meaning that the application is allowed to retry contacting `sbot` later. This is the default state that an app entries into the file.\n\n## Service Discovery\nWeb Clients don't have access to UDP Broadcasts, so they can't find the running `sbot`. The listener below can help with that:\n\n  http://localhost:8989/get-address\n\nThat will trigger an custom event on the application that is running the _sbot_ with type `server-discovery-request`, the application is should emit its own `server-discovery-response` granting, deniying or delaying access, for example, below is a piece of code that only grants access to requests that are comming from a Firefox Add-on:\n\n```\neventEmitter.on('server-discovery-request', (origin) =\u003e {\n  if (origin.startsWith(\"moz-extension://\")) {\n    eventEmitter.emit('server-discovery-response', origin, \"granted\")\n  } else {\n    eventEmitter.emit('server-discovery-response', origin, \"denied\")\n  }\n})\n```\nIf that code is running on your application, and you make AJAX requests from an add-on, you may see the following responses:\n\n```\nsoapdog@SurfaceFafi ~\u003e curl --header \"Origin: moz-extension://aaaa\" \"http://localhost:8989/get-address\"\n{\"status\":\"pending\",\"retry\":1500,\"handled\":true}⏎                                                                                  soapdog@SurfaceFafi ~\u003e curl --header \"Origin: moz-extension://aaaa\" \"http://localhost:8989/get-address\"\n{\"status\":\"granted\",\"server\":\"ws://localhost:8989~shs:gaQSAIhRg=\"}\n```\n\nThis way, application (and in my case add-on) developers have a way to run multiple ssb apps without everyone starting their own _sbot_. I made this because when developing pure web applications or add-ons like [patchfox](https://github.com/soapdog/patchfox) we don't have access to UDP broadcasts so it becomes quite hard to find if any application started `sbot` already. If this plugin is adopted by other projects, then it might be easier to one day ship a single `sbot` server that all apps can use.\n\nThe app is using a file called `allowed_apps.json` in `.ssb` to persist application access list data. Editing the content of this file will alter the response of this API. For each app there are two fields: `origin` and `permission`, the later can be `granted`, `retry`, `denied`.\n\nThis code has been extracted and modified from [minbay](https://github.com/evbogue/minbay/) by [ev](https://github.com/evbogue/).\n\n### Spec of responses\nThat URL responds with JSON.\n\n#### Pending request\n\nThis is returned while the sbot is awaiting permission from the user to reply with the address.\n\n```\n{\n  \"status\": \"pending\",\n  \"retry\": 1500\n}\n```\n\n#### Permission granted\n\nThis returns the _websocket address with the public key in it. It will only return that after the user has granted perms.\n\n```\n{\n  \"status\": \"granted\",\n  \"server\": \"ws://blablabla\"\n}\n```\n\n#### Permission denied\n\nIf the user declines sharing the address and key, then:\n\n```\n{\n  \"status\": \"denied\"\n}\n```\n\n## RPC API\nThe plugin exposes a series of APIs from `sbot` as URLs. If an app tries to use any of the URLs below and is not marked as `granted` in `allowed_apps.json`, the plugin will reply with status code 403 and:\n\n```\n{\"status\":\"denied\",\"msg\":\"only accepts requests from authorized apps\"}\n```\n\n### whoami\n**URL:** http://localhost:8989/api/whoami\n\n**Example response:**\n```\n{\"id\":\"@NoTARealUserKey0372085=.ed25519\"}\n```\n\n### Usage\n\nFor example:\n\n```\nvar rpc = require('ssb-rpc-api')\nvar eventEmitter = serverDiscovery.eventEmitter\n\nvar createSbot = require('scuttlebot')\n  .use(require('scuttlebot/plugins/master'))\n  .use(require('scuttlebot/plugins/gossip'))\n  .use(require('scuttlebot/plugins/replicate'))\n  .use(require('ssb-friends'))\n  .use(require('ssb-blobs'))\n  .use(require('scuttlebot/plugins/invite'))\n  .use(require('scuttlebot/plugins/local'))\n  .use(require('ssb-ooo'))\n  .use(require('ssb-ebt'))\n  .use(require('ssb-ws'))\n  .use(rpc)\n  .use(require('ssb-names'))\n```\n\n# Other useful APIs\nThe plugin also exports:\n\n* `getApps()`: which returns an array of app permissions.\n* `saveAppRecord(origin, permission)`: which records the permission for a given origin in the JSON file.\n* `isAppAllowed(origin)`: returns the permission for a given origin. \n\n# License \nMIT","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoapdog%2Fssb-rpc-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoapdog%2Fssb-rpc-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoapdog%2Fssb-rpc-api/lists"}