HIP-171: Add Message Sender's Account Id to Mirror Node API Response
| Author | John Conway (@scalemaildev) |
|---|---|
| Discussions-To | https://github.com/hashgraph/hedera-improvement-proposal/discussions/190 |
| Status | Last Call |
| Needs Council Approval | Yes |
| Review period ends | 2021-11-23 07:00:00 +0000 |
| Type | Standards Track |
| Category | Mirror |
| Created | 2021-10-18 |
| Updated | 2021-11-04 |
Table of Contents
Abstract
When returning a GET request from the mirror node API for a topic’s message(s), return the account ID of each message’s sender within its metadata.
Motivation
During the development of the Hashgraph Chess Application I ran into a problem: the game needed to filter out chess moves and chat messages that aren’t from one of the game’s two players. But I also didn’t want to make either player the admin of their game’s topic.
Since the account ID of a message’s sender isn’t included in the message metadata, I had to put their ID into the message content. This leaves the application open to spoof attacks, as anyone can submit a message to the topic with this field reconstructed. While there are some workaround methods to address this (such as querying the message by its transaction ID) the simplest method for resolving this problem would be to add the account ID of a message’s sender to its metadata.
Rationale
Many use cases for the HCS would want to know who is sending a message to a public topic. Workaround methods, such as querying the transaction ID for a message and pulling the sender’s ID from its timestamp, would involve extra API calls – this puts unnecessary strain on the mirror node and adds complexity to the app. Having a trustworthy source of information for who sent a message would allow developers to handle logic involving the sender’s ID within their application.
Originally, I had requested giving the GET request an additional parameter for adding the account ID to the metadata – because some use cases might not want to make a message’s sender public. However, on closer inspection the sender ID can be gleaned from querying the message timestamp anyway. So the message sender’s identity is always accessible, it just isn’t immediately available.
User stories
As a developer, I want to know what account sent an HCS message from the message’s metadata.
Specification
A new metadata field should be added to the responses of a mirror node’s GET request for messages. My suggestion is a key of ‘sender_id’ and the value being a string containing the sender’s account ID in the typical ‘x.y.zzz’ format.
Backwards Compatibility
N/A
Security Implications
There may be some concern with having a sender’s ID available, but this information can be gleaned from querying the message’s transaction ID anyway.
How to Teach This
N/A
Reference Implementation
TBD…
Rejected Ideas
N/A
Open Issues
N/A
References
Copyright/license
This document is licensed under the Apache License, Version 2.0 – see LICENSE or (https://www.apache.org/licenses/LICENSE-2.0)
Citation
Please cite this document as: