Does application have not own state (storage)?

What if some application want to replace /directory which has already maintained by another application ?

It technically can’t – the root directory for an app is derived from the app’s private key, which is derived from its domain (i.e. If it were to “replace” the other app, then it would have to have the same domain, or use a type of collection (which isn’t implemented yet).

Is there a way to get full URL to send GET (POST) request (in postman for example) to get application data ?

yes - if you have the app bucket, you can use this:

GET{bucket address}/{path}

If it’s not the official gaia hub, use {gaia address}/hub_info and use the read_url_prefix from that instead of

e.x.: returns


and using that with an identity-bucket-address and the profile.json filename:

Granted, if it is encrypted you will have to decrypt your own data using your private key to generate the app’s private key, etc etc… and the bucket address is different per user. So it’s not fun to migrate yourself, and it’s impossible to migrate others, if that’s what you are trying to do.

1 Like

I just wanna understand how it works)

  • What is the signature in profile.json ?
  • How app address is generated ? (What function to use)

The signature in the profile.json is just the JSON Web Token signature that is created via the browser. You can learn about JWTs here: .

Start with the master keychain (from your account’s recovery phrase mnemonic):

  1. Derive (hardened) by 888 (I believe it’s an index but can’t recall correctly), and then derived (hardened) again by 0 – this gets you the identity keychain.
  2. Derive (hardened) by the identity index (for the root identity, this is 0) to get that particular sub-identity’s keychain.
    a) Create a salt as well, which is made by sha256 hashing the identity public key (the root one, not the sub- one), transforming it into a hex string.
  3. Derive (hardened) the sub-identity’s keychain by 0 to get the “Apps Node” keychain.
  4. Create a sha256 hash of the (appDomain + salt from 2a), and transform it into hex
  5. Take this hash and transform it through this function to create an app index:
function hashCode(string) {
  let hash = 0;
  if (string.length === 0) return hash;
  for (let i = 0; i < string.length; i++) {
    const character = string.charCodeAt(i);
    hash = (hash << 5) - hash + character;
    hash = hash & hash;
  return hash & 0x7fffffff;
  1. Take the resulting app index and derive (hardened) the “Apps Node” keychain by this number.

Congratulations, you now have the app keychain, which contains both the private and public keys. The app address is made via transforming the public key through p2pkh, I forgot exactly how but yes.

That’s how it works, if you can understand this – it’s a lot of bitcoin deriving and whatnot.

If you want to see it in practice, I made Mercurius to do all of this automatically and allow you to download your app’s information – and even those files that are encrypted get decrypted by the app for you!

What does value field in profile.json -> app files correspond to ?
What URL to use to get user’s data that correspond to specific app ?

Is this information in official docs ?

These are apps that requested the publish_files scope when authenticating, so they have a link between their app domain and the bucket they own (for other users to know what bucket to access within the app).

Get the app’s bucket and use the url I specified above.

For deriving the app key? No, that’s in the blockstack-browser source code. For the profile.json jwt? Not that I know of, as it’s mostly internal stuff that modifies, signs, and verifies the integrity of it.

Per the FAQ:

Does application have own storage ? What is the bucket address for application, why we need this ?

When I try to get{app bucket address}/ I get error - The specified blob does not exist.

what is the app bucket address you are using?

I don’t feel like you understand how blockstack works quite well. Every user generates each app their own, unique bucket where only the app can write to when the user is signed into it. Every bucket address is unique (even among all users), and can only be created using the user’s private key and app’s domain.

I cannot recall specifically why it was done this way, but I’m sure it’s in a FAQ somewhere. The team behind Blockstack doesn’t do things trivially, I know that for certain.

How can i get My own bucket address; Thanks so much…

A bucket address is generated when the application is authenticated with the Blockstack Browser. You generally don’t mess with this application side, but you can look at the network requests in the browser developer tools when you make a putFile call from blockstack.js to see it at work.

Thanks Got it;