Why do Apps and APIs use the centralized internet?

First question re: decentralized Apps:

I downloaded the Blockstack browser, which runs on localhost:8888 – there is a list of apps there. The apps link to names which resolve via DNS instead of BNS. Why?

In the future, shouldn’t the assets be located via the Blockstack network, downloaded, verified, and run locally?

Second question re: decentralized APIs:

Let’s say I want to make API calls to Twilio using a Blockstack app. Is there a ‘Blockstack’ way to do these calls? Wouldn’t Twilio need to sign their responses with the Twilio/Blockstack private data key? Are there plans to support this?

Most importantly: do I have an incorrect mental model of this whole deal?

2 Likes

To answer your first question, looks like decentralized software distribution is on their to-do list.

Found that on https://blockstack.org/roadmap

1 Like

@dougvk

@y2kpr is correct that that feature is on our road map. We currently use the traditional DNS system for name resolution and delivery. We have plans to change that in the future.

I think the best way to do this would be to have the user sign into the app and then the app could make Twilio calls on the user’s behalf. This would be done the same way you would integrate Twilio into any JS single page app.

Jack

1 Like

Thanks @jackzampolin @y2kpr – Since the API calls to Twilio would be using the centralized web, would you expect, at some point, for Blockstack to support decentralized API invocation?

@jackzampolin Say the API (can be something other than Twilio) has a secret key that I do not want to embed in the client-side JS for security reasons. Does Blockstack allow an intermediary place (that the client cannot see or modify) to execute the API call?

This use case is present for input validations as well. I posted a question about this here. Thanks!

@dougvk What do you envision decentralized API invocation looking like?

@y2kpr You can have the JS call out anywhere. If you are providing access to an API that you need to authenticate to, you could always build a pass-through API to handle that key.

RE: your other post, we view the machine that the client is running on as a trusted compute platform and don’t foresee any issues with JS injection.

@jackzampolin It would look just like how APIs get resolved, except using the Blockstack infrastructure.

For example, Twilio would have an API identity. This comes with an ownership key and a data key. All that would happen with the decentralized API is that responses from Twilio would be signed with their data private key, otherwise discarded. This would be Twilio attesting to this data, the same way the Twilio app assets would be attested by their data private key.
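
The signed-response idea in the last post, sketched as an added example (not code from the thread or from Blockstack): the API signs each response with its data private key and the client discards anything that fails verification. Ed25519 via Node's built-in `crypto`, the envelope fields, the request nonce that ties a response to one request, and all function names are assumptions made for illustration.

```javascript
// Added example; every name and the envelope format are hypothetical.
const crypto = require('node:crypto');

// Bytes covered by the signature. Including the request nonce binds the
// response to one request, so an old signed response cannot be replayed.
function signedBytes(nonce, body) {
  return Buffer.from(JSON.stringify([nonce, body]), 'utf8');
}

// API side: sign the response body with the identity's data private key.
function signResponse(dataPrivateKey, nonce, body) {
  const sig = crypto.sign(null, signedBytes(nonce, body), dataPrivateKey);
  return { nonce, body, sig: sig.toString('base64') };
}

// Client side: return the parsed body only if the signature verifies under
// the data public key of the API identity; otherwise discard it (null).
function acceptResponse(dataPublicKey, expectedNonce, envelope) {
  if (!envelope || typeof envelope.body !== 'string' ||
      typeof envelope.sig !== 'string') return null;  // unsigned or malformed
  if (envelope.nonce !== expectedNonce) return null;   // replayed or mismatched
  const ok = crypto.verify(null, signedBytes(envelope.nonce, envelope.body),
                           dataPublicKey, Buffer.from(envelope.sig, 'base64'));
  if (!ok) return null;                                // tampered or wrong signer
  try { return JSON.parse(envelope.body); } catch { return null; }
}

// Constructed demo keys. In the scheme described above the public key would
// be resolved from the API's identity record, not generated locally.
const apiKeys = crypto.generateKeyPairSync('ed25519');
const otherKeys = crypto.generateKeyPairSync('ed25519');

function demo() {
  const nonce = crypto.randomBytes(16).toString('hex');
  const body = JSON.stringify({ status: 'queued' });   // constructed response
  const good = signResponse(apiKeys.privateKey, nonce, body);
  const tampered = { ...good, body: JSON.stringify({ status: 'failed' }) };
  const forged = signResponse(otherKeys.privateKey, nonce, body);
  return {
    good: acceptResponse(apiKeys.publicKey, nonce, good),
    tampered: acceptResponse(apiKeys.publicKey, nonce, tampered),
    forged: acceptResponse(apiKeys.publicKey, nonce, forged),
    replayed: acceptResponse(apiKeys.publicKey, 'a-different-nonce', good),
    unsigned: acceptResponse(apiKeys.publicKey, nonce, { nonce, body }),
  };
}
```

The check is only as strong as the step that resolves the data public key: a key fetched over the same channel as the response gives no protection against whoever controls that channel.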