Access the Hyperledger Besu API
Access the Hyperledger Besu API using:
HTTP and WebSocket responses are compact JSON by default. You can use
--json-pretty-print-enabled to pretty-print the output.
The following sections provide information about JSON-RPC, RPC Pub/Sub, and GraphQL.
Enable API access
--Xrpc-ipc-enabled is an early access option.
To allow remote connections, set the host to
Setting the host to
0.0.0.0 exposes the API service connection on your node to any remote connection. In a production environment, ensure you use a firewall to avoid exposing your node to the internet.
The default ports are:
- 8545 for JSON-RPC over HTTP.
- 8546 for JSON-RPC over WebSocket.
- 8547 for GraphQL over HTTP.
Ports must be exposed appropriately.
To specify the socket path for the IPC socket, use the
--Xrpc-ipc-path option. The default path is
besu.ipc in the Besu data directory.
--Xrpc-ipc-path is an early access option.
To prevent DNS rebinding attacks, Besu checks incoming HTTP request host headers, WebSocket connections, and GraphQL requests. Besu accepts requests only when hostnames specified using the
--host-allowlist option matches the request host headers. By default, Besu accepts requests and connections from
This isn't a permissioning feature. To restrict access to the API, we recommend using the Besu authentication mechanism with username and password authentication or JWT public key authentication.
If your application publishes RPC ports, specify the hostnames when starting Besu.
--host-allowlist to effectively disable host protection.
--host-allowlist is not recommended for production code.
Not supported by Besu
Account management relies on private key management in the client, which is not supported by Besu.
To send signed transactions, use
eth_sendTransaction is not implemented.
For account management, use third-party wallets.
Besu does not support the Whisper and Swarm protocols.