Quanto Agent

Lucas Teske edited this page Jan 12, 2021 · 2 revisions

Agent mode is a simple way to make signed POST requests without requiring changes to your code. It acts by creating a proxy that signs and forwards anything you send to it.

Quanto Agent is highly recommended when using remote-signer in single-key mode.

Running Remote Signer with agent enabled

The remote-signer agent is enabled by default, but to function correctly some parameters should be specified:

  • AGENT_BYPASS_LOGIN => Set it to true if you want a transparent call without the need to log in. Recommended for Single Key Mode.
  • AGENT_KEY_FINGERPRINT => Set it to the fingerprint of the key you want to use as default. WARNING: In Single Key Mode this overrides the user key, but if you're using a managed database for Remote Signer (like postgres or rethinkdb) the user might already have a key set, and this environment variable will have no effect. This variable affects the creation of the admin user in bootstrap.

After that, you can check the agent GraphiQL UI at /graphiql:

[Image: GraphiQL]

Using Remote Signer Agent

Using remote-signer agent is pretty simple. There are usually two steps involved:

  1. Generate a token (only required if not AGENT_BYPASS_LOGIN=true)
  2. Call the /agent endpoint

1. Generate the token

If you're running remote-signer without AGENT_BYPASS_LOGIN=true, a login is required. There is a default user called admin, which can also create other users. To log in as admin, you can use the following GraphQL call at /agentAdmin:

mutation Login {
  Login(
    username: "admin",
    password: "admin"
  ) {
    Value
    UserName
    ExpirationDateTimeISO
    UserFullName
  }
}

Or if you want to use a REST call:

POST /agentAdmin

{
  "query": "mutation Login($username: String!, $password: String!) { Login(username: $username, password: $password) { Value UserName ExpirationDateTimeISO UserFullName  }}",
  "variables": {
    "username": "admin",
    "password": "admin"
  },
  "operationName": "Login"
}

This is the equivalent curl command line:

curl 'http://localhost:5100/agentAdmin' \
  -H 'Content-type: application/json' \
  --data-binary $'{"query":"mutation Login($username: String!, $password: String!) { Login(username: $username, password: $password) { Value UserName ExpirationDateTimeISO UserFullName  }}","variables":{"username":"admin","password":"admin"},"operationName":"Login"}'

The result will be:

{
  "data": {
    "Login": {
      "ExpirationDateTimeISO": "2021-01-12T16:00:16-03:00",
      "UserFullName": "",
      "UserName": "admin",
      "Value": "8e6d9eff-ecff-44fb-a355-881f3edc8623"
    }
  }
}

Where the field data.Login.Value (8e6d9eff-ecff-44fb-a355-881f3edc8623) is what we will call proxyToken.

2. Call the /agent endpoint

To call the /agent endpoint, two headers must be set:

  • proxyToken => The token of the agent user session, from the previous section. If AGENT_BYPASS_LOGIN=true is set, this header is ignored.
  • serverUrl => Target URL to send the signed request to. This defaults to the value of AGENT_TARGET_URL which, if not defined, defaults to https://api.sandbox.contaquanto.com/all.

The /agent endpoint acts as a proxy for any POST call made to it. Using the headers, it finds which GPG key the token is set to use, signs the request, and calls the URL specified by serverUrl with the same headers (excluding proxyToken and serverUrl) and body.

POST /agent

curl 'http://localhost:5100/agent' \
  -X POST \
  -H 'Content-Type: application/json' \
  -H 'serverUrl: https://webhook.site/9695341e-217e-4443-ac54-8e7f700d9b88' \
  -H 'proxyToken: 87421279-de8f-428d-88c3-2c18949b2cda' \
  -H 'my-custom-header: hello world' \
  --data-binary $'{"hello":"world"}'

[Image: Webhook.Site output]
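
The two steps above as a small Python client, added here as an example and not part of the remote-signer project. The endpoints, header names and Login query come from this page; the function names, the example.invalid target, and the treatment of a failed login and of the timestamp format are assumptions.

```python
import json
import urllib.request
from datetime import datetime, timezone

AGENT = "http://localhost:5100"  # agent address from the page's curl examples
LOGIN_QUERY = ("mutation Login($username: String!, $password: String!) { "
               "Login(username: $username, password: $password) { "
               "Value UserName ExpirationDateTimeISO UserFullName }}")

def login_call(username, password):
    """Step 1: (url, headers, body) for the Login mutation at /agentAdmin."""
    body = {"query": LOGIN_QUERY, "operationName": "Login",
            "variables": {"username": username, "password": password}}
    return AGENT + "/agentAdmin", {"Content-Type": "application/json"}, json.dumps(body).encode()

def parse_login(raw, now=None):
    """Return data.Login.Value (the proxyToken); raise on failure or an expired session."""
    doc = json.loads(raw)
    login = (doc.get("data") or {}).get("Login") or {}
    if not login.get("Value"):
        # Assumption: a failed login carries no data.Login.Value
        raise ValueError("login failed: %r" % doc.get("errors"))
    # Assumption: the timestamp always has a UTC offset, as in the page's sample
    expires = datetime.fromisoformat(login["ExpirationDateTimeISO"])
    if expires <= (now or datetime.now(timezone.utc)):
        raise ValueError("proxyToken expired at %s" % expires.isoformat())
    return login["Value"]

def agent_call(payload, server_url, proxy_token=None, extra_headers=None):
    """Step 2: (url, headers, body) for POST /agent; omit proxy_token with AGENT_BYPASS_LOGIN=true."""
    headers = {"Content-Type": "application/json"}
    headers.update(extra_headers or {})
    # Set after extra_headers so an identically named key cannot change the target
    headers["serverUrl"] = server_url
    if proxy_token:
        headers["proxyToken"] = proxy_token
    return AGENT + "/agent", headers, json.dumps(payload).encode()

def send(url, headers, body):
    """POST the call; urllib re-capitalises header names, which HTTP treats as case-insensitive."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()

if __name__ == "__main__":
    token = parse_login(send(*login_call("admin", "admin")))
    # Placeholder target; replace with the endpoint that should receive the signed request
    print(send(*agent_call({"hello": "world"}, "https://example.invalid/hook", token)))
```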