Skip to main content

BlockVault CEE API

A variation of the Asset Onboarding Service that implements the BlockVault Scope SDK

In this section, you'll learn about a practical implementation of the p8e-scope-sdk, the p8e-gradle-plugin, and the metadata-asset-model, which together can be used to register new BlockVault contract specifications ("smart contracts"), then execute those contracts to store data in the Encrypted Object Store and record assets on the Provenance Blockchain.

We will cover the API Specification and walk through the proper execution order:

  1. Publishing a new BlockVault contract,
  2. Storing data in BlockVault, and finally
  3. Recording a new asset on the Provenance Blockchain ledger.

Deploying Locally

To run this service locally, be sure to have Docker and Vault by Hashicorp installed:

brew install docker
brew tap hashicorp/tap
brew install hashicorp/tap/vault

once installed, all you need to do is run the included docker setup script

./ up

and run the service - either via an Intellij run configuration or via the command line with the following command:

./gradlew bootRun

Provenance Blockchain Member ID

With each request to the Contract Execution Environment endpoints, it's important to identify which Provenance Blockchain member is making the request to sign the transaction. To do this, the p8e-cee-api requires an x-uuid header on every request.


When testing locally, be sure to include the x-uuid header with a value that correlates to one of the UUID's added as secrets to Vault in the up script.


The x-uuid header is automatically removed from requests made to the test or production environments and replaced with the UUID that matches the API Key used in the request. See next section for more detail.

API Key for Test or Production Environments

Figure Tech uses Kong API Gateway to handle ingress into its Kubernetes clusters. The Figure Tech hosted instances of the p8e-cee-api are secured by specific API Keys for each participant in the Provenance Blockchain network.

When used, Kong will authenticate an API Key against an ACL, strip any provided x-uuid header and add a new x-uuid header with the appropriate UUID associated with the API Key.


API Keys are available upon request.