How to obtain the JWT_TOKEN of a node and use the curl command line to retrieve related transaction information?

I set up a local node using the documentation at Docker-Compose Based Deployment of a Local Network — Splice documentation . With the help of the SDK, I successfully registered a partyId and obtained test coins through the tap & build tap transaction in the Wallet UI. I also completed the transfer (this transfer has 1 step / 2 steps). The problem is that the entire process relied on the SDK. For example, before building the transaction, I needed to obtain parameter information. Is it possible to obtain this information without relying on the SDK, and instead use the curl command line to request it? I saw a link at http://localhost:9090 that corresponds to the Swagger-UI link http://canton.localhost:3000/docs/openapi. Some requests in this link are directly accessible to me, for example, curl -X 'GET' \ '``http://canton.localhost:3000/v2/version``' \ -H 'accept:'. application/json’
{“version”:“3.3.0-SNAPSHOT”,“features”:{“experimental”:{“staticTime”:{“supported”:false},“commandInspectionService”:{“supported”:true}},“userManagement”:{“supported”:true,“maxRightsPerUser”: 1000,“maxUsersPageSize”:1000},“partyManagement”:{“maxPartiesPageSize”:10000},“offsetCheckpoint”:{“maxOffsetCheckpointEmissionDelay”:{“seconds”:75,“nanos”:0,“unknownFields”:{“fields”:{}}}}}}%

But some of my visits gave me errors.
curl -X ‘GET’ \
‘http://canton.localhost:3000/v2/users’ \
-H ‘accept: application/json’
{“code”:“NA”,“cause”:“A security-sensitive error has been received”,“correlationId”:“518855b1d584c95f02d69e674bbd0e67”,“traceId”:“518855b1d584c95f02d69e674bbd0e67”,“context”:{},“resources”:,“errorCategory”:-1,“grpcCodeValue”:16,“retryInfo”:null,“definiteAnswer”:null}%

I think it’s because it needs something like a JWT_TOKEN, which is why it can’t be accessed. If that’s the reason, then I’d like to ask where I can get this JWT_TOKEN? Because I need to get a lot of information through the curl command line, which would be more convenient.

Hey Stanley

you can use the authController directly to retrieve a token like:

import {

    localNetAuthDefault,

} from '@canton-network/wallet-sdk'

const token = await localNetAuthDefault().getAdminToken()

console.log('Admin Token:', token)

or if you are using localnet without alteration you can just use directly:
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJsZWRnZXItYXBpLXVzZXIiLCJhdWQiOiJodHRwczovL2NhbnRvbi5uZXR3b3JrLmdsb2JhbCIsImlhdCI6MTc2MzYyNjg1MSwiZXhwIjoxNzYzNjMwNDUxLCJpc3MiOiJ1bnNhZmUtYXV0aCJ9.8HQKe-m1DrKMpP0bjV2cjC4vZSZ8b6KmYf8VZ9vaVE4

Thank you very much for your answer. Now I can successfully receive a response when sending a request with the token.

Hello **Phillip_Olesen! **
After I obtain this Admin Token, I access this interface for example:

curl -X ‘GET’ \
“http://canton.localhost:3000/v2/users”
-H “accept: application/json”
-H “Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJsZWRnZXItYXBpLXVzZXIiLCJhdWQiOiJodHRwczovL2NhbnRvbi5uZXR3b3JrLmdsb2JhbCIsImlhdCI6MTc2NDMwOTg1NSwiZXhwIjoxNzY0MzEzNDU1LCJpc3MiOiJ1bnNhZmUtYXV0aCJ9.qC4b2_PBU_VnmxKBnIOjojMPGFAIsdSg7EhyObMeSaY”
| jq

I can get a normal response:

{
users: [
{
id: ‘app-provider’,

primaryParty: ‘app_provider_localnet-localparty-1::1220e031f30a1db1eb5b5577a660dd483752d82f0f8a2334894b4b30ab49ef5a1425’,

isDeactivated: false,

metadata: [Object],

identityProviderId: ‘’

}, …

}
However, when I broadcast the transaction using the same Admin Token:

curl -X ‘POST’ \

“http://canton.localhost:3000/v2/interactive-submission/execute” \

-H “accept: application/json” \

-H “Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJsZWRnZXItYXBpLXVzZXIiLCJhdWQiOiJodHRwczovL2NhbnRvbi5uZXR3b3JrLmdsb2JhbCIsImlhdC I6MTc2NDU1ODc4MywiZXhwIjoxNzY0NTYyMzgzLCJpc3MiOiJ1bnNhZmUtYXV0aCJ9.XgoOUZvIKHMkRP0lYMQ0Y55rjSetJnCbraZUBZQy1WU” \
-d { "userId": "ledger-api-user", "preparedTransaction": "CpzDAQoDMi4xEgEwGsUGCgIxMsI+vQYaugYKAz...", "hashingSchemeVersion": "HASHING_SCHEME_VERSION_V2", "submissionId": "677a28e9-9c22-411d-8735-85cce023f532", "deduplicationPeriod": { "Empty": {} }, "partySignatures": { "signatures": [ { "party": "hello::1220202f91180f02d7dda6e5e10200b16b904542691e3a5c35b88b5e935b72f85fb2", "signatures": [ { "signature": "ZSQT00itWA0qbE+fM3CGAFn0FRuK+l6EHQ+Deb0R28uRZxhJUaC/HbMylfeXqpeeXVpm/TUbL5PiHHOtbh6wBA==", "signedBy": "1220202f91180f02d7dda6e5e10200b16b904542691e3a5c35b88b5e935b72f85fb2", "format": "SIGNATURE_FORMAT_CONCAT", "signingAlgorithmSpec": "SIGNING_ALGORITHM_SPEC_ED25519" } ] } ] } } | jq

It reported an error

{
“code”: “NA”,
“cause”: "A security-sensitive error “has been received”,

“correlationId”: “04039e6e21f4df1343369e07e2dd06e4”,

“traceId”: “04039e6e21f4df1343369e07e2dd06e4”,

“context”: {},

“resources”: ,

“errorCategory”: -1,

“grpcCodeValue”: 16,

“retryInfo”: null,

“definiteAnswer”: null

}

Are these two interfaces using different tokens? Both are sending requests to my local interface.

Hey Stanley

A security-sensitive error “has been received”
indicates that an error has gone wrong either with authorization, authentication or permission, in order to know what actually went wrong you would need to query the logs of the participant (you can search by the traceId or correlationId).

My assumption would be that you don’t have the correct rights for the user hello::1220202f91180f02d7dda6e5e10200b16b904542691e3a5c35b88b5e935b72f85fb2, but without logs it is just speculations.