LIAAS — Litecoin-as-a-Service (Open-Source Usage Guide)
This page outlines how to safely use LIAAS inside open-source repositories, what must remain private, and best practices for contributors.
This guide explains how open-source contributors can safely integrate LIAAS (Litecoin-as-a-Service) into public repositories while protecting confidential infrastructure, especially Enterprise Node URLs and sensitive endpoints.
If you just purchased a plan (Enterprise/BaaS), you can watch our master demo to get started quickly.
1. LIAAS Plans Overview
🔹 API Plans
Access to standard LIAAS API endpoints
No direct node exposure
Node management handled by KAKR Labs
🔹 Enterprise Plan (Highly Sensitive)
Open-source organizations receive a dedicated full Litecoin node
You receive a Base Node URL (NodeURL)
This NodeURL grants direct access to your node
If leaked, attackers can:
spam requests
drain rate limits
potentially exploit node RPC
degrade performance or cause outages
👉 Conclusion: The Enterprise NodeURL must never appear in ANY open-source code, examples, screenshots, logs, CI pipelines, or documentation.
2. What MUST NOT Be Revealed Publicly
Enterprise NodeURL: 🔥 CRITICAL. Most sensitive asset. Grants direct access to the node.
API Keys (any LIAAS Basic/BaaS plan): 🔥 CRITICAL. Allows others to act on your behalf.
Encrypted Passphrases / Signing Payloads: 🔥 CRITICAL. Can be brute-forced.
Wallet Names linked to production wallets: ⚠️ Sensitive. Leaks internal wallet details.
Private Keys linked to production wallet addresses: ⚠️ Sensitive. Allows anyone with LIAAS endpoints to control the funds in the address.
3. Recommended Safe Usage Pattern
To protect your infrastructure:
✔ SAFE
Use environment variables:
LIAAS_API_KEY=
LIAAS_NODE_URL=https://<your_enterprise_node-url>.com
Only public addresses in examples.
Document behavior—not credentials.
❌ UNSAFE (Never Do This)
// ❌ WRONG – never include this in a public repo
const client = new Liaas({
  apiKey: "production-key-here",
  baseURL: "https://<your-enterprise-node-url>"
});
Use .gitignore to prevent confidential files and directories from being tracked or published in your repo:
# .gitignore
.env
node.env
/secrets/*
4. Enterprise Endpoints Should Be Wrapped Behind Your Backend
If you MUST use raw node endpoints, route every call through your backend:
frontend → your server → LIAAS Enterprise Node → Litecoin Network
Never:
frontend → Enterprise Node
Why?
Frontend JS is public → NodeURL leaks immediately
Browser developer tools expose network calls
Attackers can replay API/RPC calls
Your node can be overloaded or attacked
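The frontend → your server → Enterprise Node pattern above, as an added example that is not LIAAS or KAKR Labs code: the server reads the NodeURL from the environment, forwards only allow-listed RPC methods, and never echoes upstream errors (which can contain the NodeURL) to the client. It assumes the node accepts JSON-RPC over HTTPS POST; the method names are standard Litecoin Core RPCs, and requireEnv, checkRpc and relay are hypothetical names.

```javascript
// Added example, not LIAAS code. Assumptions: the node accepts JSON-RPC over
// HTTPS POST, and the allow-listed names (standard Litecoin Core read-only
// RPCs) are ones your node exposes. All function names are hypothetical.
const ALLOWED_METHODS = new Set(["getblockcount", "getblockchaininfo", "getrawtransaction"]);

// Read a secret from the environment; reject missing or template values.
function requireEnv(env, name) {
  const value = (env[name] || "").trim();
  if (!value || value.includes("<")) {
    throw new Error(`${name} is not set; configure it outside the repository`);
  }
  return value;
}

// Decide whether a client-supplied body may be forwarded. Batches (arrays) are
// refused so a disallowed method cannot ride along with an allowed one.
function checkRpc(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, status: 400, error: "expected one JSON-RPC object" };
  }
  if (typeof body.method !== "string" || !ALLOWED_METHODS.has(body.method)) {
    return { ok: false, status: 403, error: "method not allowed" };
  }
  const params = Array.isArray(body.params) ? body.params : [];
  return { ok: true, request: { jsonrpc: "2.0", id: 1, method: body.method, params } };
}

// Relay one call to nodeUrl. Only `result` goes back to the client: upstream
// errors and exceptions can contain the NodeURL, so they become a generic 502.
async function relay(body, nodeUrl, fetchImpl = fetch) {
  const verdict = checkRpc(body);
  if (!verdict.ok) return { status: verdict.status, body: { error: verdict.error } };
  try {
    const res = await fetchImpl(nodeUrl, {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify(verdict.request),
    });
    if (!res.ok) throw new Error(`upstream ${res.status}`);
    const data = await res.json();
    return { status: 200, body: { result: data.result } };
  } catch (err) {
    return { status: 502, body: { error: "upstream unavailable" } };
  }
}

// At server start-up: const NODE_URL = requireEnv(process.env, "LIAAS_NODE_URL");
// then in the route handler: const out = await relay(req.body, NODE_URL);
```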
Use a Reverse Proxy for Enterprise NodeURL (Strongly Recommended)
For Enterprise Plan users, always place your NodeURL behind a reverse proxy (NGINX, HAProxy, Cloudflare Tunnel, Traefik, etc.). A reverse proxy allows you to:
Hide the real NodeURL
Rate-limit requests
Add IP allow/deny rules
Add SSL/TLS termination
Filter unsafe RPC calls
Prevent direct public exposure
Add custom authentication layers
Never let clients—especially frontend clients—hit your NodeURL directly. Your architecture should always be:
frontend → your backend → reverse proxy → NodeURL (Enterprise)
💬 Support
Need Node-Level Protection? We Are Here to Help.
If you're on the Enterprise Plan, you can request:
Whitelisting of only approved IP ranges
Just contact us at [email protected] and our team will apply the restrictions directly on your dedicated node.
If your open-source project has any difficulties or queries, or needs node security review assistance, contact KAKR Labs support: