Felipe Forbeck fforbeck

In Storacha, you don't have a simple "bearer token". You need two things:

Identity (Key): Who you are (Private Key).
Permission (Proof): Proof that you are allowed to access the Space.

Most "API Key" confusion comes from missing the Proof part. See this example:

import { create } from '@storacha/client'
import { parse as parseProof } from '@storacha/client/proof'
import { StoreMemory } from '@storacha/client/stores'

How UCAN/Attest Works

Core Concept

ucan/attest enables an authority (like the Storacha service) to attest that a linked UCAN delegation is valid. It's essentially a way for a trusted service to vouch for a delegation that might otherwise be unverifiable.

Structure

Ref: https://gist.github.com/hopeseekr/f522e380e35745bd5bdc3269a9f0b132

sequenceDiagram
    participant User
    participant KMSAdapter as KMS Crypto Adapter
    participant SymCrypto as Symmetric Crypto<br/>(AES-CTR)
    participant Gateway as Private Gateway<br/>(private.storacha.link)
    participant KMS as Google Cloud KMS
    participant Storage as IPFS Storage<br/>(w3s.link)

    Note over User,Storage: ENCRYPTION FLOW

❯ upload-service (import-w3ui) ✘ pnpm nx run-many -t build view-logs zsh: correct 'nx' to '.nx' [nyae]? n

✔ nx run @storacha/capabilities:build [local cache] ✔ nx run @storacha/did-mailto:build [local cache] ✔ nx run @w3ui/core:build [existing outputs match the cache, left as is] ✔ nx run @storacha/filecoin-client:build [local cache] ✔ nx run @storacha/blob-index:build [local cache] ✔ nx run @w3ui/react:build [existing outputs match the cache, left as is] ✔ nx run @storacha/access:build [local cache]

JProfiler with Docker

Docker

DockerFile

DockerFile should have JProfiler installation.

RUN wget <JProfiler file location> -P /tmp/ && \
  tar -xzf /tmp/<JProfiler file> -C /usr/local && \
  rm /tmp/<JProfiler file>

	export STORACHA_SERVICE_DID=did:web:alan.up.storacha.network
	export STORACHA_SERVICE_URL=https://n7js8smi24.execute-api.us-west-2.amazonaws.com
	export STORACHA_STORE_NAME=storacha-cli-alan
	export STORACHA_RECEIPTS_URL=https://n7js8smi24.execute-api.us-west-2.amazonaws.com/receipt/

	export W3_SERVICE_DID=did:web:alan.up.storacha.network
	export W3_STORE_NAME=storacha-cli-alan
	export W3UP_SERVICE_URL=https://n7js8smi24.execute-api.us-west-2.amazonaws.com
	export W3UP_RECEIPTS_ENDPOINT=https://n7js8smi24.execute-api.us-west-2.amazonaws.com/receipt/

	import fs from 'node:fs'
	import { Readable } from 'node:stream'
	import { CARReaderStream } from 'carstream'
	import * as dagCBOR from '@ipld/dag-cbor'
	import * as dagJSON from '@ipld/dag-json'
	import * as DID from '@ipld/dag-ucan/did'

	Readable.toWeb(fs.createReadStream('proof.car'))
	.pipeThrough(new CARReaderStream())
	.pipeTo(new WritableStream({

	openapi: 3.0.3
	info:
	title: Tribute KYC API
	version: '1.0'
	x-logo:
	url: ''
	description: A minimal API spec to provide KYC certificates for Tribute DAO UI project.
	paths:
	/kyc-certificate/{{daoRegistryContractAddress}}/{{ethereumAddress}}:
	description: >-

	import * as sigUtil from 'eth-sig-util';

	type CouponType = 'coupon-kyc';
	type PrimaryType = 'Message' \| 'EIP712Domain';

	type CouponData = {
	type: CouponType;
	kycedMember: string;
	};