API Nodes for Dummy's (like me!)
Hey guys I thought I would take advantage of this hardfork transition to share some good knowledge from another Steemer, who is a witness for the site and super smart dude. Rectifying my lack of understanding of how blockchains and Steemit work has been an uphill battle me sometimes and I recently came across some good answers down in the comments of an old post announcing a new bitshares node in the US. https://steemit.com/bitshares/@xeldal/new-bitshares-api-full-node-in-kansas-city-missouri-usa
While I have gained a basic understanding of what an API node is (Application Programming Interface: software that allows two applications to talk to each other), I was unclear on a couple of points, such as what incentives are there for running a node and what vulnerabilities were risked in the process of interacting with one. These comments provide some good answers.
"An API node is just a server that connects to the Bitshares blockchain and provides all the data necessary to run a wallet. The users wallet, either through a website or by an app on their computer/phone sends out requests for information like market data, account balances, history etc. as well as requests for placing orders and sending funds. The API node handles these request so the user doesn't need to run a full server themselves."
"Bitshares users benefit by having another location to connect to. For a while the only servers you could find were in Germany or China. These few servers were getting over worked and because they were halfway around the world for US users the latency was often so high that the wallet became hard to use or unstable. Having more nodes means spreading the workload around as well as offering closer connections for lower latency which should provide a more consistent and enjoyable experience."
"There's no direct financial benefit for running an API node. No cut of transaction or anything like that. I would say there is an indirect benefit though. By supporting the network and providing a better experience for users it can translate to a higher BTS price which benefits all Bitshares holders. As well, it is a positive mark for someone's reputation in the community if they are doing other things like worker proposals or campaigning for a witness position. It's important for those people to be active in their support for the network and to do things that others may be unwilling or unable to do."
"As for what a bad malicious node provider could do to harm a user or the network? The worst they can do is either feed the user bad data causing them to make decisions they wouldn't normally have made or blocking the users transactions from entering the blockchain. Both of these attacks from a node provider would be easy to spot and would result fairly quickly in destroying the node providers reputation in the community. If they held any positions of importance they would likely be voted out. It is also easy to switch to another node if you suspect something is wrong."
"It's important to note that it's NOT possible for the API node provider to access any users private keys, funds, or other personal information(other than ip address). A wallet provider could though, by injecting malicious java script so if you use a web-wallet you are trusting them not to do that, but a wallet provider and an API node are different things. Best practice is to use the downloadable wallet and hopefully soon we will have transaction signing apps or offline signing separate from the wallet, so even if the wallet provider was bad they couldn't get your keys. @jesta has developed something like this already for STEEM: https://steemit.com/vessel/@jesta/vessel-0-2-0-interact-with-steem-securely-from-any-website"
Thought this might clear a few things up for some folks, like it did for me. Check out the whole post here: https://steemit.com/bitshares/@xeldal/new-bitshares-api-full-node-in-kansas-city-missouri-usa
This post was incredible helpful to me personally. Thank you.
You are welcome, but the credit goes to Xeldal!