NANO RPC commands overview and categorization

Overview and categorization of NANO RPC commands (Node V15.2)

Quicklinks

- ALL commands sorted alphabetically
- RPC commmands categorized by intrusiveness
  ├ enable_control not required and not related to node wallets
  ├ enable_control not required and related to node wallets
  ├ enable_control required and related to node wallets
  └ enable_control required and not necessarily related to node wallets
- Additional comments
  ├ New commands to expect by V16
  ├ New commands to expect by V17
  ├ planned TLS commands
  └ Some hand-picked intrusive commands explained

ALL commands sorted alphabetically

"account_balance",
"account_block_count",
"account_count",
"account_create",
"account_get",
"account_history",
"account_info",
"account_key",
"account_list",
"account_move",
"account_remove",
"account_representative",
"account_representative_set",
"account_weight",
"accounts_balances",
"accounts_create",
"accounts_frontiers",
"accounts_pending",
"available_supply",
"block",
"block_account",
"block_confirm",
"block_count",
"block_count_type",
"block_create",
"block_hash",
"blocks",
"blocks_info",
"bootstrap",
"bootstrap_any",
"chain",
"confirmation_history",
"delegators",
"delegators_count",
"deterministic_key",
"frontier_count",
"frontiers",
"history",
"keepalive",
"key_create",
"key_expand",
"krai_from_raw",
"krai_to_raw",
"ledger",
"mrai_from_raw",
"mrai_to_raw",
"password_change",
"password_enter",
"password_valid",
"payment_begin",
"payment_end",
"payment_init",
"payment_wait",
"peers",
"pending",
"pending_exists",
"process",
"rai_from_raw",
"rai_to_raw",
"receive",
"receive_minimum",
"receive_minimum_set",
"representatives",
"representatives_online",
"republish",
"search_pending",
"search_pending_all",
"send",
"stats",
"stop",
"successors",
"unchecked",
"unchecked_clear",
"unchecked_get",
"unchecked_keys",
"validate_account_number",
"version",
"wallet_add",
"wallet_add_watch",
"wallet_balance_total",
"wallet_balances",
"wallet_change_seed",
"wallet_contains",
"wallet_create",
"wallet_destroy",
"wallet_export",
"wallet_frontiers",
"wallet_info",
"wallet_key_valid",
"wallet_ledger",
"wallet_lock",
"wallet_locked",
"wallet_pending",
"wallet_representative",
"wallet_representative_set",
"wallet_republish",
"wallet_work_get",
"work_cancel",
"work_generate",
"work_get",
"work_peer_add",
"work_peers",
"work_peers_clear",
"work_set",
"work_validate",

All RPC commmands categorized by intrusiveness

enable_control not required and not related to node wallets:

"account_balance",
"account_block_count",
"account_count",
"account_get",
"account_history",
"account_info",
"account_key",
"account_representative",
"account_weight",
"accounts_balances",
"accounts_frontiers",
"accounts_pending",
"available_supply",
"block",
"block_confirm",
"blocks",
"blocks_info",
"block_account",
"block_count",
"block_count_type",
"block_hash",
"successors",
"bootstrap",
"bootstrap_any",
"chain",
"confirmation_history",
"delegators",
"delegators_count",
"deterministic_key",
"frontiers",
"frontier_count",
"history",
"key_create",
"key_expand",
"krai_from_raw",
"krai_to_raw",
"mrai_from_raw",
"mrai_to_raw",
"rai_from_raw",
"rai_to_raw",
"peers",
"pending",
"pending_exists",
"process",
"representatives",
"representatives_online",
"republish",
"stats",
"unchecked",
"unchecked_get",
"unchecked_keys",
"validate_account_number",
"version",
"work_validate",

enable_control not required and related to node wallets:

"payment_begin",
"payment_wait",
"wallet_info",
"wallet_locked",
"account_list",
"password_enter",
"password_valid",
"payment_init",
"payment_end",
"wallet_balance_total",
"wallet_balances",
"wallet_contains",
"wallet_export",
"wallet_frontiers",
"wallet_key_valid",
"wallet_ledger",
"wallet_pending",
"wallet_representative",

enable_control required and related to node wallets:

"account_create",
"accounts_create",
"account_move",
"account_remove",
"account_representative_set",
"receive_minimum",
"receive_minimum_set",
"search_pending",
"search_pending_all",
"send",
"receive",
"wallet_add",
"wallet_add_watch",
"wallet_change_seed",
"wallet_create",
"wallet_destroy",
"wallet_lock",
"password_change",
"wallet_representative_set",
"wallet_republish",
"work_get",
"work_set",
"wallet_work_get",

enable_control required and not necessarily related to node wallets

"block_create",
"keepalive",
"ledger",
"stop",
"unchecked_clear",
"work_generate",
"work_cancel",
"work_peer_add",
"work_peers",
"work_peers_clear",

(the 'wallet id' parameter is optional for 'block_create', you can use a private key instead)

Additional comments

The node's "enable_control" is a little inconsistent and not very granular. A simple middleware can help filtering out these things.

A lot of the RPC commands are not necessary if you have a cryptographic library on the requester's side.

I will soon release some guides on how to achieve common tasks with RPC.

New commands to expect by V16 PR#904

"confirmation_info,
"confirmation_active"
"confirmation_quorum,"

New commands to expect by V17

"node_id",
"node_id_delete",
"wallet_history",

planned TLS commands

"wallet_list", 
"wallet_seed",

Some hand-picked intrusive commands explained

stop -> halts the node
bootstrap -> could be used to add a malicious node for bootstrapping
work_generate -> will cause a lot of CPU load when exploited. Work is also involved in all block creating commands.
unchecked_clear -> will delete some blocks from the cache
delegators -> will cause a lot of IO
ledger -> could be used to get 440k frontiers at once
work_peers_clear -> could be used to remove your work peers
work_peer_add -> could be used to add bogus work peers

If you only connect to the node on localhost, or if you whitelist the remote machine that gets access, you don't risk much. More info on whitelisting TBD. If your run a lightwallet backed for example, you will need to filter the most intrusive ones out. There are multiple pieces of software to do that, available for PHP, Node.js and Python so far. Links TBD