search
HomeIntelligencePricing

LIAAS — Litecoin-as-a-Service (Open-Source Usage Guide)

This page outlines how to safely use LIAAS inside open-source repositories, what must remain private, and best practices for contributors.

This guide explains how open-source contributors can safely integrate LIAAS (Litecoin-as-a-Service) into public repositories while protecting confidential infrastructure, especially Enterprise Node URLs and sensitive endpoints.

If you just purchased a plan (Enterprise/BaaS), You can watch out our master demoarrow-up-right to quickly get started.

hashtag
1. LIAAS Plans Overview

hashtag
🔹 API Plans

  • Access to standard LIAAS API endpoints

  • No direct node exposure

  • Node management handled by KAKR Labs

hashtag
🔹 Enterprise Plan (Highly Sensitive)

  • Open-source organizations receive a dedicated full Litecoin node

  • You receive a Base Node URL (NodeURL)

  • This NodeURL grants direct access to your node

  • If leaked, attackers can:

    • spam requests

    • drain rate limits

    • potentially exploit node RPC

    • degrade performance or cause outages

👉 Conclusion: The Enterprise NodeURL must never appear in ANY open-source code, examples, screenshots, logs, CI pipelines, or documentation.

hashtag
2. What MUST NOT Be Revealed Publicly

Item
Severity
Why It Must Stay Private

Enterprise NodeURL

🔥 CRITICAL

Most sensitive asset. Grants direct access to the node.

API Keys (any LIAAS Basic/BaaS plan)

🔥 CRITICAL

Allows others to act on your behalf.

Encrypted Passphrases / Signing Payloads

🔥 CRITICAL

Can be brute-forced.

Wallet Names linked to production wallets

⚠️ Sensitive

Leaks internal wallet details

Private Keys linked to production wallet addresses

⚠️ Sensitive

Allows anyone with LIAAS end-points to control the funds in the address

hashtag
3. Recommended Safe Usage Pattern

To protect your infrastructure:

hashtag
✔ SAFE

  • Use environment variables:

  • Only public addresses in examples.

  • Document behavior—not credentials.

hashtag
❌ UNSAFE (Never Do This)

  • Use .gitignore to prevent confidential files and directories from being tracked or published in your repo

hashtag
.gitignore

hashtag
4. Enterprise Endpoints Should Be Wrapped Behind Your Backend

If you MUST use raw node end-points:

hashtag
Your backend should do:

Never:

Why?

  • Frontend JS is public → NodeURL leaks immediately

  • Browser developer tools exposes network calls

  • Attackers can replay API/RPC calls

  • Your node can be overloaded or attacked

hashtag
Use a Reverse Proxy for Enterprise NodeURL (Strongly Recommended)

For Enterprise Plan users, always place your NodeURL behind a reverse proxy (NGINX, HAProxy, Cloudflare Tunnel, Traefik, etc.). A reverse proxy allows you to:

  • Hide the real NodeURL

  • Rate-limit requests

  • Add IP allow/deny rules

  • Add SSL/TLS termination

  • Filter unsafe RPC calls

  • Prevent direct public exposure

  • Add custom authentication layers

Never let clients—especially frontend clients—hit your NodeURL directly. Your architecture should always be:

hashtag
💬 Support

hashtag
Need Node-Level Protection? We Are Here to Help.

If you're on the Enterprise Plan, you can request:

  • White listing only approved IP ranges

Just contact us at [email protected] and our team will apply the restrictions directly on your dedicated node.

If your open-source project have any difficulties / queries on node security review assistance, contact KAKR Labs support:

📧 [email protected]envelope 🌐 https://kakr.org/contactarrow-up-right

PreviousVerify MessageNextLitecoin LiaaS API – API Clients

Last updated

Was this helpful?