Skip to main content

API Overview

GRIPLOCK exposes several APIs for communication between components. This reference covers the signaling server WebSocket API and message payload formats.

API Types

APIProtocolPurpose
Signaling APIWebSocketConnection establishment and message relay
Data Channel APIWebRTCPeer-to-peer encrypted data transfer
Blockchain APIJSON-RPCSolana mainnet queries

Architecture

Signaling Server

The signaling server facilitates WebRTC connection establishment:

Endpoint

wss://app.griplock.io/ws
ws://localhost:5000/ws  (development)

Connection Flow

  1. Dashboard connects and registers with session ID
  2. Mobile scans QR and connects with same session ID
  3. Server relays WebRTC signaling messages
  4. P2P connection established, server role ends

Message Types

TypeDirectionPurpose
register_dashboardDashboard → ServerJoin session as dashboard
register_mobileMobile → ServerJoin session as mobile
mobile_connectedServer → DashboardNotify of mobile presence
answerMobile → Server → DashboardWebRTC answer SDP
ice_candidateBidirectionalICE candidate exchange
encrypted_credentialsMobile → DashboardEncrypted wallet data

WebRTC Data Channel

After signaling completes, a direct P2P channel carries encrypted data:

Channel Properties

PropertyValue
Labelgriplock-data
Orderedtrue
Max RetransmitsUnlimited

Message Format

All data channel messages are JSON-encoded: 
interface DataChannelMessage {
  type: string;
  [key: string]: unknown;
}

Solana RPC

The dashboard queries Solana mainnet directly:

Endpoint

https://api.mainnet-beta.solana.com

Methods Used

MethodPurpose
getBalanceSOL balance for address
getTokenAccountsByOwnerSPL token holdings
getSignaturesForAddressTransaction history

Rate Limits

Public Solana RPC has rate limits. For production deployments, consider:
  • Private RPC endpoints (QuickNode, Alchemy, Helius)
  • Caching layer for balance/token queries
  • Request batching where possible

Authentication

Session-Based

Each connection is associated with a session ID: 
// Session ID format
const sessionId = crypto.randomUUID();
// Example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890"

No API Keys

The signaling server doesn’t require API keys. Security relies on:
  1. Ephemeral session IDs
  2. End-to-end encryption
  3. WebRTC peer verification

Error Handling

WebSocket Errors

CodeMeaningAction
1000Normal closeReconnect if needed
1001Going awayServer shutdown, retry later
1006Abnormal closeNetwork issue, retry with backoff

RPC Errors

interface RPCError {
  code: number;
  message: string;
}
CodeMeaning
-32600Invalid request
-32601Method not found
-32602Invalid params
-32700Parse error
429Rate limited

SDK Integration

JavaScript/TypeScript

// Connect to signaling server
const ws = new WebSocket('wss://app.griplock.io/ws');

// Register dashboard
ws.send(JSON.stringify({
  type: 'register_dashboard',
  sessionId: 'your-session-id'
}));

// Handle messages
ws.onmessage = (event) => {
  const message = JSON.parse(event.data);
  switch (message.type) {
    case 'mobile_connected':
      // Mobile joined session
      break;
    case 'answer':
      // Process WebRTC answer
      break;
  }
};

Mobile (React Native)

import { RTCPeerConnection, RTCSessionDescription } from 'react-native-webrtc';

// Parse QR payload
const payload = decompressQRData(qrContent);

// Create peer connection
const pc = new RTCPeerConnection(rtcConfig);

// Set remote description (offer from dashboard)
await pc.setRemoteDescription(
  new RTCSessionDescription({
    type: 'offer',
    sdp: payload.sdp
  })
);

// Create and send answer
const answer = await pc.createAnswer();
await pc.setLocalDescription(answer);

Next Steps

WebSocket API

Detailed WebSocket message reference

Payload Formats

Data structure specifications