I would advice to start thinking about authentication and authorization from the very beginning, this would make your life easier when you need to deploy your ledger in UAT or PROD.
Here is the documentation explaining sandbox authentication options: https://docs.daml.com/1.2.0/tools/sandbox.html#running-with-authentication
Let’s clarify what postgres we are talking about.
- You can run sandbox/ledger server with persistence/postgres backend enabled:
$ daml sandbox --sql-backend-jdbcurl ...
This is must have for any UAT/PROD deployment, else your ledger will be lost after the restart.
- You can run json-api with optional query store enabled. Query store is a json-api search index, that uses postgres db to optimize queries over large active contract sets (ACS):
$ daml json-api --query-store-jdbc-config=driver=org.postgresql.Driver,url=jdbc:postgresql://localhost:5432/test?&ssl=false,user=postgres,password=password,createSchema=false" ...
If you are not planing to have a very large number of active contracts, you should be fine running json-api without
--query-store-jdbc-config (query store is disabled). Where
large number of active contracts depends on the JVM heap size allocated for your json-api. With default JVM heap settings you should not have any issues querying ACS as large as 1k - 5k active contracts.
For local development, run sandbox without
--sql-backend-jdbcurl, don’t specify any
--auth-jwt-XXX options (authentication disabled) and json-api without
--query-store-jdbc-config (query store is disabled).
json-api would force you to start thinking about authentication right away, it requires JWT token provided in the request header, so your client code will have to provide JWT in every HTTP request going to json-api.
For Integration env, run sandbox with
--sql-backend-jdbcurl and with one of
--auth-jwt-XXX options (that would enable authentication), run json-api wihtOUT
For UAT and Production, always run sandbox with
--sql-backend-jdbcurl and with
--auth-jwt-XXX (with enabled authentication); depending on the expected size of the ACS either enable
--query-store-jdbc-config in json-api or increse JVM heap.
Hope this helps.