Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.canton.network/llms.txt

Use this file to discover all available pages before exploring further.

The Canton Admin API is a gRPC API exposed by every Canton node (participant, sequencer, mediator). It provides administrative operations that go beyond the Ledger API — managing keys, topology state, synchronizer connections, packages, users, pruning, and node health. Unlike the Ledger API, which handles command submission and transaction reads, the Admin API controls the node itself.
Do not expose the Admin API publicly without proper security controls. It serves administrative purposes only and grants full control over the node. Use TLS and restrict network access to trusted operators.

Admin API Services

The Admin API is split across two layers: the Ledger API admin services (defined in the com.daml.ledger.api.v2.admin package) and the Canton-specific admin services (accessed through the Canton console or direct gRPC calls).

Ledger API Admin Services

These services run on participant nodes alongside the Ledger API. They are defined in the gRPC Ledger API proto specifications.

Canton-Specific Admin Services

Canton extends the standard Ledger API admin services with operations specific to Canton’s architecture. Access these through the Canton Console or directly via gRPC.
  • Key management — generate, import, export, and rotate signing and encryption keys. List keys by purpose (signing, encryption) and view key metadata.
  • Topology management — inspect and modify the topology state: party-to-participant mappings, namespace delegations, synchronizer trust certificates, and package vetting. Topology transactions are the mechanism through which Canton nodes discover each other’s capabilities.
  • Synchronizer connectivity — connect participants to synchronizers, disconnect, reconnect, and list active connections. Manage synchronizer connection configurations and aliases.
  • Node health and status — query the node’s running status, health, and identity. Check whether the node has been initialized and retrieve its unique identifier.

Configuration

For synchronizer nodes, the Admin API is configured at the same level as other node settings:

Keep-Alive Settings

See the gRPC keep-alive documentation for details on how these parameters affect connection behavior.

TLS

For production deployments, use mutual TLS (mTLS) to authenticate both the server and the client.

Common Operations for App Developers

While the Admin API is primarily an operator tool, app developers interact with it during development and testing for tasks that the Ledger API does not cover. Party allocation — before your application can submit commands as a party, that party must exist on the participant. In production, operators generally handle this. During development with the Sandbox, you allocate parties yourself: 
dpm sandbox -- canton.participants(0).parties.enable("Alice")
Or via gRPC using the PartyManagementService.AllocateParty RPC. DAR uploads — your compiled Daml packages must be uploaded to the participant before contracts can be created. Note that dpm does not currently have a deploy command for uploading DARs to remote validators. For DAR uploads, use the Admin API directly (via PackageManagementService.UploadDarFile gRPC call, curl, or the Canton Console). User management — the Ledger API authorizes requests based on user rights (actAs, readAs, executeAs, readAsAnyParty, executeAsAnyParty). Create and configure users through UserManagementService to control which parties your application can operate as.

Ledger API

gRPC API for submitting commands and reading transactions

JSON API

HTTP/REST wrapper for the Ledger API

Splice APIs

Scan, Validator, and SV REST APIs

Canton Console Reference

Console commands for interacting with the Admin API