Ports used by the Radix Node

Introduction

The Radix setup handles allocating ports during the node installation. If you are running on a cloud service, or your own secured server, then you need to ensure the required ports are open and available for use.

Ports used for the Radix Node

port number name node type public description

30000

Gossip port

full, validator

yes

This is the port used by the nodes to communicate, so should always be available.

3333

Node HTTP REST endpoints

full, validator

no

With the node REST API you can control some sensitive operations on the node, so this should be protected and not accessible by anyone that does not have node management privileges.

Nginx Ports

In order to protect the node we use Nginx to provide URLs that don’t expose the node services directly. A well as hiding the node endpoints, the Nginx provides three other functions:

  1. It adds basic authentication to the endpoints that should only be available to node administrators/managers.

  2. Provides rate limiting to provide a basic mechanism for Denial-of-Service protection

  3. Basic request caching

nginx port number nginx endpoint maps to Radix node port:

443

/system/*

3333

/key/*

3333

/mempool/*

3333

/engine

3333

/version

3333

30000

Endpoint usage

Each endpoint serves a different function (or group of functions) which are assigned different usernames and passwords for access. This allows you to secure the critical node functions while allowing a lower level of security for functions that can be publicly accessible:

Table 1. Radix Node API endpoint groupings by prefix
API Prefix Purpose Notes Nginx User

Core

/network

Used for retrieving the network configuration and the node’s current sync status

admin

Core

/entity

Used for reading the balance of a ledger entity, at the Core API abstraction level

admin

Core

/mempool

Used for examing the list of transactions in the mempool, and read the transaction content

admin

Core

/transactions

Used for reading transactions from the transaction stream

Enabled with a flag

admin

Core

/construction

Used for building, parsing, finalizing and submitting transactions, at the Core API abstraction level

admin

Core

/engine

Used for looking up the current engine status

admin

Core

/key

Used for reading the public keys, and signing transactions with the node’s private key

Enabled with a flag

superadmin

System

/system

Provides a number of endpoints to monitor a system and check system health and status, as part of the System API

admin

System

/prometheus

Provides node and network operation metrics data in the Prometheus text format

metrics

You can find a full specification for the API on our Postman site