Daml ledger allocate-parties

Questions
1

I am using the Postgres Driver for daml.

We add new parties dynamically, as a part of an onboarding process.

Which is the best way to allocate these new parties?
Is it safe to run the daml ledger allocate-parties each time? Is there SDK support for it?

Per

1 Like
2

It is safe, but depending on your situation, you may want to rather use the Ledger API RPC PartyManagementService#AllocateParty (which is what daml ledger allocate-parties uses), which can allow you to integrate party allocation in an existing application.

EDIT: as brought up by @Gary_Verhaegen in the following answer the JSON API also allows you to allocate a party. That is likely to be easier than and preferable to interacting with the Ledger API directly.

2 Likes
3

If you have a JSON API running, I’d say curl is probably the most lightweight solution.

curl -XPOST \
     -H "Authorization: Bearer $(cat token)" \
     http://$JSON_API_HOST/v1/parties/allocate \
     -d '{}'

You can optionally pass either of (or both) identifierHint and displayName if those are relevant:

curl -XPOST \
     -H "Authorization: Bearer $(cat token)" \
     http://$JSON_API_HOST/v1/parties/allocate \
     -d '{"identifierHint": "hint", "displayName": "display me"}'
3 Likes
4

Thanks!

I don’t use the JSON API, so I go with the Ledger API.

5

Would this be correct Java code:

public PartyManagementServiceOuterClass.AllocatePartyResponse alloc(String party, boolean withPartyHint) throws ExecutionException, InterruptedException {
        ManagedChannel channel = ManagedChannelBuilder.forAddress(host, port).usePlaintext().build();
        var stub = PartyManagementServiceGrpc.newFutureStub(channel);

        PartyManagementServiceOuterClass.AllocatePartyResponse response;
        if (withPartyHint){
            response = stub.
                    allocateParty(PartyManagementServiceOuterClass.AllocatePartyRequest.newBuilder().setDisplayName(party).setPartyIdHint(party).build()).get();
        } else {
            response = stub
                    .allocateParty(PartyManagementServiceOuterClass.AllocatePartyRequest.newBuilder().setDisplayName(party).build()).get();
        }

        return response;
    }

How do I send a JWT token here?

Thanks,
Per

6

You need to call stub.withCallCredentials and pass an instance of CallCredential that passes the Authorization header with the Bearer schema. This is the current implementation for it in the Java bindings.

2 Likes
7

For this to work, I believe the field admin must be set to true in the token that is being used as this is an admin call. Is that correct?

8

If you’re working with a ledger that requires authorization, you need a token with admin claims. This can either be a user token for a user that has admin rights or a custom claims token with admin = true. See Authorization — Daml SDK 2.2.0 documentation for details.

1 Like