Nov 28, 2022 2 min read POKTportal

Our RPC Logging Practices

This post provides transparency into the logging practices of the Pocket Portal, including what we do and do not collect.

Given the recent announcements by many actors in the blockchain infrastructure industry, we believe it’s prudent to be transparent about our logging practices. Before getting into the details, we would like to briefly recap the various entities that have been referred to as Pocket Network in our various official and unofficial communication channels.

Pocket Network Inc. (PNI) is a USA entity and the primary entity that is building out the Pocket Protocol and a slew of core product experiences, like the Wallet, Explorer, Portal, etc.
Pocket DAO is our Decentralized Autonomous Organization that governs the development of the protocol, the tokenomics surrounding the protocol, and the community building on top of the protocol.
Pocket Network Foundation (PNF) is a Cayman Islands entity that executes the will of the Pocket DAO amongst other functions.

For the sake of this specific blog post, we will be discussing the logging practices of the Pocket Portal, which is the API gateway that accesses our decentralized network and is wholly owned by PNI. There are a few points to keep in mind as you read through this article.

We have a decentralized network of independent node runners running 25,000 nodes.
Due to limitations in our current version of the protocol, PNI owns the only gateway that can access this network.
When we release the next version of our protocol, v1, in the latter half of 2023, the gateway layer will be decentralized, enabling other entities to run their own direct access points to the network.

With this background in place, we’d like to discuss what we do and don’t collect on our private and public endpoints.

What We Do Not Collect

User’s IP address
User’s request origin
User’s request data

What We Do Collect

The information listed below is collected to ensure quality of service across our gateways and network. The data is strictly for internal use only and we will never sell this information to third parties. We may use this data to, for example, quickly debug issues with a given node in our network, a given chain we support, or given methods we see users attempting to use that our network may/may not support.

Logging for All (Public & Private) Endpoints

For a given relay request (e.g., API Request + Metadata), we collect the following information:

AWS region for the API Gateway where the request originated from
Pocket blockchain application public key that was used to facilitate the relay into our network
Node in the decentralized network that serviced the relay
Blockchain to which the request was sent
HTTP response status code of the request after it was processed
Blockchain method called by the request

Specific for Private Endpoints

For the private RPC endpoints, which are vendored directly through the Portal, we use Auth0 as our identity-broker for our app/account-owners, and Stripe for payments. In this manner, we can tie an endpoint to an app/account-owner, meter them for relay usage of their dApp(s), and charge them appropriately.

As always, the Pocket core team is available on our official Discord should you have any further questions on our logging practices.