When do I need to provide a dummy token to interact with the sandbox?

I’m a bit confused by the following: if I start the sandbox without any authentication specified, and I run a JSON API service in front, I need to present a “dummy” token (ie. a well-formed one with secret secret) in my header in order to be able to interact with the JSON API. However, if I run a trigger host or DAML script I don’t need to provide such token. Is it the JSON API that enforces the presence of a token here, and the sandbox just ignores it? Or is there some implicit token generation happening in the trigger host or script runner?

2 Likes

The JSON API enforces the token since It uses it to infer the party. The ledger API never requires a dummy token so there is no implicit token generation going on in the trigger host or script runner. If you run DAML Script over the JSON API you also need a token.

1 Like