Our RPC Logging Practices
Given the recent announcements by many actors in the blockchain infrastructure industry, we believe it’s prudent to be transparent about our logging practices. Before getting into the details, we would like to briefly recap the various entities that have been referred to as Pocket Network in our various official and unofficial communication channels.
- Pocket Network Inc. (PNI) is a USA entity and the primary entity that is building out the Pocket Protocol and a slew of core product experiences, like the Wallet, Explorer, Portal, etc.
- Pocket DAO is our Decentralized Autonomous Organization that governs the development of the protocol, the tokenomics surrounding the protocol, and the community building on top of the protocol.
- Pocket Network Foundation (PNF) is a Cayman Islands entity that executes the will of the Pocket DAO amongst other functions.
For the sake of this specific blog post, we will be discussing the logging practices of the Pocket Portal, which is the API gateway that accesses our decentralized network and is wholly owned by PNI. There are a few points to keep in mind as you read through this article.
- We have a decentralized network of independent node runners running 25,000 nodes.
- Due to limitations in our current version of the protocol, PNI owns the only gateway that can access this network.
- When we release the next version of our protocol, v1, in the latter half of 2023, the gateway layer will be decentralized, enabling other entities to run their own direct access points to the network.
With this background in place, we’d like to discuss what we do and don’t collect on our private and public endpoints.
What We Do Not Collect
- User’s IP address
- User’s request origin
- User’s request data
What We Do Collect
The information listed below is collected to ensure quality of service across our gateways and network. The data is strictly for internal use only and we will never sell this information to third parties. We may use this data to, for example, quickly debug issues with a given node in our network, a given chain we support, or given methods we see users attempting to use that our network may/may not support.
Logging for All (Public & Private) Endpoints
For a given relay request (e.g., API Request + Metadata), we collect the following information:
- AWS region for the API Gateway where the request originated from
- Pocket blockchain application public key that was used to facilitate the relay into our network
- Node in the decentralized network that serviced the relay
- Blockchain to which the request was sent
- HTTP response status code of the request after it was processed
- Blockchain method called by the request
Specific for Private Endpoints
For the private RPC endpoints, which are vendored directly through the Portal, we use Auth0 as our identity-broker for our app/account-owners, and Stripe for payments. In this manner, we can tie an endpoint to an app/account-owner, meter them for relay usage of their dApp(s), and charge them appropriately.
As always, the Pocket core team is available on our official Discord should you have any further questions on our logging practices.
Want to know more?
🗣 Follow Pocket on Telegram @POKTnetwork
💬 Join the Pocket community in Discord
🔗 Mint an RPC endpoint for your application
👾 View our governance discussions in the Forum