Communication with Node by Restful API or RPC API - Security and overhead

(Thiago Rafael Ferreira) #1

Hello Folks, someone can help me answering my asks?

I’m starting on Corda and I have some questions relationed with communication with Corda’s nodes. My team started a PoC and we defined 3 applications to communicate with nodes on Corda.
-A mobile app that send specific information and that are necessary to storage on Ledger
-A web app private with some interfaces API Restful that receives information in JSON format from mobile app and It shows information from Node in page web
-A Cordapp that manipulate information on Corda’s Node.

My doubts/asks are:

  1. When the web app receives informations, It parses JSON to object and open a RPC connection with node respective. I saw/read in API/Javadoc of Corda (net.corda.core.messaging.CordaRPCOps.startFlow) that is necessary to pass the Flow. My Flow, IOU, Contract, etc, I defined only in Cordapp. Is it necessary to copy Flow class and relationed class used on Cordaapp to my web app to start a flow from a specific node to another node? For me it is stranges.

  2. Initialy I was thinking that each node could receive requisitions passing information from mobile app by API interface Restful and itself can startFlow passing the party involved. Is it secure to do this by API (If yes, I understand that my web app can be excluded of my archtecture) or it’s more recommendation to do the communication between nodes only by RPC communication? I see an overhead desnecessary between web app and calls RPC to node using web app.

(Thiago Rafael Ferreira) #2

Hello Folks,
I read the document corda-technical-whitepaper.pdf on page 42-43, item 11 Client RPC and reactive collections. It explain why we choose RPC instead Rest. About my problem, I believe that is necessary to choose between what I need versus what is better. This is the old tradeoff.