Upvest defines the notion of
tenants, which represent customers that build their platform upon the Upvest API. The end-users of the tenant (i.e. your customers), are referred to as 'clientele users'. A
tenant is able to manage its users directly (CRUD operations for the user instance) and is also able to initiate actions on the user's behalf (create wallets, send transactions) although it requires the involvement of the user using their password.
Upvest integrates blockchain protocols and exposes access to the functionality of those protocols to tenants via an easy-to-use and documented set of API calls.
tenant is able to register an account with Upvest on the Account Management Dashboard; this dashboard allows you to generate API keys to access the Upvest API endpoints. The
tenant represents a business that is integrating the Upvest API to offer blockchain-backed services to its users.
clientele user is a user of the tenant, utilizing Upvest software indirectly, via interacting with the tenant's platform. Although the
tenant can initiate actions on the user’s behalf, any actions that require access to the user’s wallet (i.e. transactions, signing) will require the involvement of the user using their password.
The Upvest API currently supports Ethereum (including the ERC20 token standard), as well as the Bitcoin protocol. In order to facilitate the exploration of the Upvest APIs, Upvest provides two environments:
Sandbox for testing, and
Production for your live applications.
Sandbox environment is designed to allow developers to test Upvest’s API endpoints easily and for free. Upon account creation, developers are able to create API key pairs which give them instant access to this environment.
As is common for blockchain application development, this environment includes the protocols’ testnets, which are functionally identical to their respective mainnets, just without any economic relevance. The testnet used for the Ethereum protocol is the
Ropsten network, and for Bitcoin, the
Sandbox Base URL
The base URL for API requests in Sandbox is:
Production environment gives developers access to the mainnets of the supported blockchain protocols. Obtaining live API keys for the Production environment is part of our paid service. The process of obtaining live API keys is detailed in this knowledge base article.
Production Base URL
The base URL for API requests in Production is:
At a high level, the Upvest platform can be divided into three parts. It consists of the API layer, the Upvest Wallet Management layer as well as the Upvest Enclave.
Let's take a look at a working example of the technical architecture along with the example of sending a transaction:
The tenant's user submits his password and the relevant transaction information on the tenant's front-end which triggers an API call directly to Upvest from their browser.
The Upvest API is the customer (tenant) and end-user (client) facing product. It validates incoming transaction requests and passes them on for processing as well as steering the response back to the requesting entity (in this case the requesting user’s browser).
Upon authenticating the user and validating their transaction request, the request is passed to the Wallet Management layer which retrieves the user’s encrypted wallet material from the Upvest data store. The first level of processing is performed using a Hardware Security Module (HSM), before passing the wallet data and transaction information to the Upvest Enclave.
The Upvest Enclave is an extremely small and hardened bare-kernel processing environment. It is the only part of the Upvest platform where decrypted wallet private keys exist, and solely for the purpose of signing transaction requests.
The Upvest Enclave derives the user’s wallet decryption key from their password, decrypts the user wallet, validates and signs the requested transactions, and returns the signed payload to the Wallet Management layer, which passes the signed payload to back-end blockchain nodes for broadcast.
Updated about a month ago