LIAAS — Litecoin-as-a-Service (Open-Source Usage Guide)

This page outlines how to safely use LIAAS inside open-source repositories, what must remain private, and best practices for contributors.

This guide explains how open-source contributors can safely integrate LIAAS (Litecoin-as-a-Service) into public repositories while protecting confidential infrastructure, especially Enterprise Node URLs and sensitive endpoints.

If you just purchased a plan (Enterprise/BaaS), You can watch out our master demo to quickly get started.

1. LIAAS Plans Overview

🔹 API Plans

Access to standard LIAAS API endpoints
No direct node exposure
Node management handled by KAKR Labs

🔹 Enterprise Plan (Highly Sensitive)

Open-source organizations receive a dedicated full Litecoin node
You receive a Base Node URL (NodeURL)
This NodeURL grants direct access to your node
If leaked, attackers can:
- spam requests
- drain rate limits
- potentially exploit node RPC
- degrade performance or cause outages

👉 Conclusion: The Enterprise NodeURL must never appear in ANY open-source code, examples, screenshots, logs, CI pipelines, or documentation.

2. What MUST NOT Be Revealed Publicly

Item

Severity

Why It Must Stay Private

Enterprise NodeURL

🔥 CRITICAL

Most sensitive asset. Grants direct access to the node.

API Keys (any LIAAS Basic/BaaS plan)

🔥 CRITICAL

Allows others to act on your behalf.

Encrypted Passphrases / Signing Payloads

🔥 CRITICAL

Can be brute-forced.

Wallet Names linked to production wallets

⚠️ Sensitive

Leaks internal wallet details

Private Keys linked to production wallet addresses

⚠️ Sensitive

Allows anyone with LIAAS end-points to control the funds in the address

3. Recommended Safe Usage Pattern

To protect your infrastructure:

✔ SAFE

Use environment variables:

LIAAS_API_KEY=
LIAAS_NODE_URL=https://<your_enterprise_node-url>.com

Only public addresses in examples.
Document behavior—not credentials.

❌ UNSAFE (Never Do This)

// ❌ WRONG – never include this in a public repo
const client = new Liaas({
  apiKey: "production-key-here",
  baseURL: "https://<your-enterprise-node-url>"
});

Use .gitignore to prevent confidential files and directories from being tracked or published in your repo

`.gitignore`

.env
node.env
/secrets/*

4. Enterprise Endpoints Should Be Wrapped Behind Your Backend

If you MUST use raw node end-points:

Your backend should do:

frontend → your server → LIAAS Enterprise Node → Litecoin Network

Never:

frontend → Enterprise Node

Why?

Frontend JS is public → NodeURL leaks immediately
Browser developer tools exposes network calls
Attackers can replay API/RPC calls
Your node can be overloaded or attacked

Use a Reverse Proxy for Enterprise NodeURL (Strongly Recommended)

For Enterprise Plan users, always place your NodeURL behind a reverse proxy (NGINX, HAProxy, Cloudflare Tunnel, Traefik, etc.). A reverse proxy allows you to:

Hide the real NodeURL
Rate-limit requests
Add IP allow/deny rules
Add SSL/TLS termination
Filter unsafe RPC calls
Prevent direct public exposure
Add custom authentication layers

Never let clients—especially frontend clients—hit your NodeURL directly. Your architecture should always be:

frontend → your backend → reverse proxy → NodeURL (Enterprise)

💬 Support

Need Node-Level Protection? We Are Here to Help.

If you're on the Enterprise Plan, you can request:

White listing only approved IP ranges

Just contact us at [email protected] and our team will apply the restrictions directly on your dedicated node.

If your open-source project have any difficulties / queries on node security review assistance, contact KAKR Labs support:

📧 [email protected] 🌐 https://kakr.org/contact

PreviousVerify Message NextLitecoin LiaaS API – API Clients

Last updated 1 month ago

Was this helpful?