RPC guide (Work in progress)

A warning

If you ever expose RPC to the public, you should either add a middleware/proxy to filter out dangerous commands, or adjust your firewall to discard unknown server requests.
All popular lightwallet backends need to have accessible transactional data, so they use the proxy approach, for example "getcanoe/canoed", "cronoh/nanovault-server" and "nano-wallet-company/nano-wallet-server".
I made a standalone reference implementation for a filter in PHP . Just keep in mind that not all hosters have CURL enabled for PHP.

Setting up RPC in a Docker node

The config.json is already pre-set with everything you will probably need to access node RPC from the SSH on localhost.

If you want to expose the RPC access to the public (i.e. a computer outside of localhost), you need to adjust the docker run command.
-p [::1]:7076:7076 maps the RPC port to the local adapter only, whereas -p 7076:7076 makes it available publicly. Keep in mind that this is potentially unsafe.

Setting up RPC in a self-compiled node

In order to get RPC running with a self-compiled (non-Docker) node, you have to adjust these entries in config.json:
the code "address": "::1", defines the whitelisted IP of the host that wants to query the API. ::1 is localhost. For remote hosts, use the ffff: IP style. If you want to exposing RPC to the public, use: ::ffff: (dangerous).
"port": "7076", is the RPC port to CURL on, could be changed to gain a little more security by obscurity. All node peer IPs are visible, but using a custom RPC port number will make opportunistic attacks a less likely.
"enable_control": "true", to activate potentially dangerous commands. See my other guide for a complete list.
"rpc_enable": "true", to enable or disable RPC completely

Using CURL from the shell

General syntax (demonstrated with the "version" command):
curl -g -d '{ "action": "version"}' '[::1]:7076' (recommended)
but you can also use
curl -d '{ "action":"version"}' [::1]:7076
curl -d '{ "action": "version"}' localhost:7076

CURL example 1 - Get info about a list of blocks:
curl -g -d '{ "action": "blocks_info", "hashes": ["87434F8041869A01C8F6F263B87972D7BA443A72E0A97D7A3FD0CCC2358FD6F9","A170D51B94E00371ACE76E35AC81DC9405D5D04D4CEBC399AEACE07AE05DD293"], "source": "true" }' '[::1]:7076'

CURL example 2 - Get all in- and outgoing transactions (without rep-changes) of an account:
curl -d '{"action": "account_history", "account": "xrb_1x7biz69cem95oo7gxkrw6kzhfywq4x5dupw4z1bdzkb74dk9kpxwzjbdhhs", "count": "-1"}' '[::1]:7076'

CURL example 3 - Send from one of the node's accounts
curl -g -d '{ "action": "send","wallet": "1E7611671439EE5F25266355B19650692CBAD80C908DBCCF4245046AF317B9C2", "source": "xrb_1cetkb3dppdprbderhucsg4p1b1fa3x3xci8kf8e1ucdepcnj5ijeeuxdzfi", "destination": "ban_3irc5dijkoihw1xx3wot68smg5rt7grn9rcwixwap9j14r88grah7d6b631x", "amount": "7000000000000000000000000000000", "id": "cet7_75" }' '[::1]:7076'

CURL example 4: Broadcast an offline-signed block:
curl -g -d '{ "action": "process", "block": "{ \"type\": \"send\", \"previous\": \"F61A79F286ABC5CC01D3D09686F0567812B889A5C63ADE0E82DD30F3B2D96463\", \"destination\": \"ban_3parsemsxf43okk3usa6ndiywhg5mp8te5mshq96447qqqufweskxamsrgdp\", \"balance\": \"FFFFFFFEBCE1F051928DE8355FFFFFFF\", \"work\": \"01b3d0bf56abf094\", \"signature\": \"E6802D01682524542016174FF0A40166293B0230DFEA7A1D4501A6C83889BF7DAC866CA0E2192B1C8C9AAD7F24C71C1619C6E8306324121CAAE0DC842D91760A\"}" }' '[::1]:7076' The block itself could get rejected if it's not in a single line. In the "link" field, the node will accept both hashes and accounts.