Skip to main content

Introduction

External parties control their cryptographic signing keys, which removes the need to trust any participant node with transaction authorization. External parties provide full control over transaction signing, ensure regulatory compliance for transaction authorization, and are independent of participant node operators.

Prerequisites

  • Access to a participant node with admin API credentials
  • OpenSSL or equivalent for key generation
  • curl for API calls (or grpcurl for gRPC)

Quickstart LocalNet Setup

If you haven’t installed the Canton Network Quickstart application, refer to quickstart-cnqs-installation.
Your .env.local file should look like:
Obtain Admin Token The external party topology APIs require authentication. In shared-secret mode, you generate a JWT token using the splice-onboarding container with app-user as the subject:

Generate Cryptographic Keys

Create an Ed25519 key pair for the external party.

Onboard an External Party

Generate Topology Transactions

Update the party_hint value below to match your .env.local configuration.
Use the validator API to generate the three required topology transactions:
Example response:
The response contains:
  • party_id: The allocated party identifier (party hint + key fingerprint)
  • topology_txs: Array of three topology transactions with their hashes:
    1. Root namespace transaction - Creates the party and sets the public key controlling the namespace
    2. Party to participant mapping - Hosts the party on the participant with Confirmation rights
    3. Party to key mapping - Sets the key to authorize Daml transactions

Sign Topology Transaction Hashes

Each topology transaction returned by the generate API has a hash field that must be signed with your private key. The hash is hex-encoded. Extract the response values: The GENERATE_RESPONSE variable was set by the curl command above. Now extract the party ID, topology transactions, and hashes:
Sign each hash with Ed25519 private key: The signing commands use temporary files for cross-platform compatibility:
Note
The hashes and signatures are hex-encoded strings. The submit API expects:
  • topology_tx: Base64-encoded topology transaction (as returned by generate)
  • signed_hash: Hex-encoded Ed25519 signature of the transaction hash

Submit Signed Topology Transactions

Successful response:

Validate Party Creation

After submitting the signed topology transactions, verify the external party was created successfully. Generate a Ledger API token for the ledger-api-user.
Discover Synchronizer ID The synchronizer ID identifies the network your participant is connected to and is required for topology validation and transaction submission.
This typically returns a value like global-domain::12209d604bfb....
Note
Topology transaction submission is asynchronous. The party may take a few seconds to appear in the topology state after successful submission. Implement a retry loop with a short delay if immediate verification is required.

Submit Transactions as the External Party

Overview

Unlike internal parties (1-step submission), external parties use a 3-step interactive submission process:
  1. Prepare - Request transaction preparation from a participant node
  2. Sign - Sign the transaction hash with external key
  3. Execute - Submit the signed transaction

Step 1: Prepare the Transaction

Use the InteractiveSubmissionService/PrepareSubmission gRPC endpoint to prepare your transaction. The Canton.Internal.Ping template is available on all Canton participants without deploying any DAR files. The Ping template requires an initiator (your external party) and a responder (any other known party). Retrieve the app_user party from your Quickstart LocalNet to use as responder:
Submit the Ping contract:
Note
The user_id must be ledger-api-user to match the JWT subject used for the LEDGER_TOKEN.
Tip
To use your own Daml templates instead of the built-in Ping, replace the template_id fields with your package ID, module name, and template name. Discover deployed packages using:
Response fields:
  • prepared_transaction: The full transaction and metadata to be signed
  • prepared_transaction_hash: Pre-computed hash (recompute client-side for security)
  • hashing_scheme_version: Version of the hashing algorithm (typically HASHING_SCHEME_VERSION_V2)
Extract the prepared transaction and hash for signing:

Step 2: Validate and Sign

1. Validate the Transaction Before signing, inspect the prepared transaction to verify it matches your intent:
2. Sign the Hash Sign the $TRANSACTION_HASH returned by PrepareSubmission with your Ed25519 private key:
Note
For production deployments, you may want to recompute the transaction hash client-side rather than trusting the pre-computed hash. A Python implementation is available in the Canton release artifact at examples/08-interactive-submission/daml_transaction_hashing_v2.py.
Sign the hash with your private key:
Store the signature for the execute step.

Step 3: Execute Submission

Submit the signed transaction using InteractiveSubmissionService/ExecuteSubmission:
Key fields:
  • submission_id: A new UUID for this submission attempt (can retry with a new ID without re-signing)
  • party_signatures: Contains the signature with format, algorithm spec, and the signing key fingerprint

Observe Transaction Outcome

Verify the transaction was processed using the CompletionStream endpoint.
Note
CompletionStream is a blocking endpoint that waits for new completions. Open a second terminal and run this command before executing Step 3, or re-generate LEDGER_TOKEN and PARTY_ID in the new terminal first.
In your second terminal:
The stream captures the completion after executing Step 3 in your original terminal. Stop the stream, then inspect the result:
Query Transaction Details (Optional) Extract the offset from the completion and use GetUpdates to retrieve full transaction details:
Note
External parties authenticate via cryptographic signatures rather than ledger user rights. This means GetUpdateById (which requires can_read_as rights) won’t work for external party transactions. Use GetUpdates with the offset range instead.