Overview
The M10 Ledger provides an easy-to-use and expressive API for interacting with our platform. The M10 API uses gRPC for the transport mechanism, but you will mostly interact with it through one of our SDKs. While not RESTful (in the traditional but potentially blasphemous way), we attempt to follow some of RESTs ideology. Our API is formulated around the idea of objects. For instance, transfers and accounts are two types of objects. Each of those objects has certain operations that take place on them. Broadly these are things like: create, read, list, etc. All objects and requests in the system are standard protobuf messages.
SDKs
M10 offers 3 fully featured SDKs to use with our API: One for Rust, NodeJS, and Dart. Each is built on the same gRPC API definitions If your favorite language is not represented, don't despair, you can still use the raw gRPC API. The SDKs provide a thin-extension layer over the generated protobufs that help with signing and reducing boilerplate code.
Authz & Authn
The M10 API uses elliptic curve-based signing to authenticate each request. We support two common signature schemes: ED25519 and NIST-P256. Each request is wrapped in a protobuf message type called RequestEnvelope
, which contains the request itself and its signature. Request signing, in this style, satisfies the requirements outlined in the EU's PSD2 regulations. It also ensures that secrets always stay with the user, and are not transported across the internet.
For authorization, each request is checked by our RBAC (Role Based Access Control) system. You can read more details about that system in the Roles and Role Bindings pages
Observations
One distinctive part of M10's API is the ability to get an event stream of many objects in the system. For instance, you can observe transfers on specific accounts so you get notified of every transfer. Observations are built on gRPC's stream functionality, which allows for a long-running HTTP/2 connection that delivers periodic messages. Many of the ledger's most useful properties come from observations. They are essential if you want to build an FX service, run real-time AML checks, or build any other sort of event-sourced application.
SDK Setup
The M10 SDK needs to be initialized before it can be used. This process is slightly different in each language, but always includes two key steps: connecting to the ledger and adding the signer.
- CLI
- TS
- Rust