Preparing and Signing Transactions Using External Party¶

High-level Signing Process¶

The basic steps of preparing and signing a transaction using an external party are as follows:

Creating a command - You start by simply creating a command.
Preparing the transaction - You send the command to the blockchain RPC, offered by your node, to prepare the transaction.
Validating the transaction - You inspect the transaction and decide whether to sign it.
Signing the transaction - Once validated, you sign the transaction hash using your private key (typically with ECDSA/EdDSA).
Submitting the transaction - You submit the signed transaction to be executed.
Observing the transaction - You observe the blockchain until the transaction is committed.

In the examples below, the SDK examples use the Pint app which comes pre-installed with the validator and the cURL examples show the underlying HTTP requests using Canton Coin following a token standard transfer.

How do I quickly execute a ping Command?¶

The following example uses the Ping app to show the whole transaction flow.

Below shows how to quickly execute a ping command against yourself on Splice LocalNet:

import {
    WalletSDKImpl,
    localNetAuthDefault,
    localNetLedgerDefault,
    localNetTopologyDefault,
    createKeyPair,
} from '@canton-network/wallet-sdk'
import { v4 } from 'uuid'
import { LOCALNET_SCAN_API_URL } from '../config.js'

// it is important to configure the SDK correctly else you might run into connectivity or authentication issues
const sdk = new WalletSDKImpl().configure({
    logger: console,
    authFactory: localNetAuthDefault,
    ledgerFactory: localNetLedgerDefault,
    topologyFactory: localNetTopologyDefault,
})

console.log('SDK initialized')

await sdk.connect()
console.log('Connected to ledger')

await sdk.userLedger
    ?.listWallets()
    .then((wallets) => {
        console.log('Wallets:', wallets)
    })
    .catch((error) => {
        console.error('Error listing wallets:', error)
    })

const keyPair = createKeyPair()
await sdk.connectTopology(LOCALNET_SCAN_API_URL)

console.log('generated keypair')
const allocatedParty = await sdk.topology?.prepareSignAndSubmitExternalParty(
    keyPair.privateKey
)
sdk.userLedger?.setPartyId(allocatedParty!.partyId)
console.log('Create ping command')
const createPingCommand = sdk.userLedger?.createPingCommand(
    allocatedParty!.partyId!
)
sdk.userLedger?.setPartyId(allocatedParty!.partyId!)

console.log('Prepare command submission for ping create command')
const prepareResponse = await sdk.userLedger?.prepareSignAndExecuteTransaction(
    createPingCommand,
    keyPair.privateKey,
    v4()
)

Creating a Command¶

Commands are the intents of an user on the validator, there are two kinds of commands: CreateCommand and ExerciseCommand.

The CreateCommand is used to create a new implementation of a template with the given arguments and can result in one or more new contracts being created. The ExerciseCommand takes an existing contract and exercises a choice on it, which also can result in new contracts being created.

In the Canton Network, it is often necessary to need to include input data when creating commands which needs to be read from the ledger. For example, which UTXOs to include in a transfer. This is private data which you read from your own node. It’s also often necessary to include contextual information in a transfer. For example, information about a particular asset which you don’t get from your own node - you get from an API provided by the asset issuer. See here <https://github.com/global-synchronizer-foundation/cips/blob/main/cip-0056/cip-0056.md> for more information.

The general process for forming a transaction is:

Call your own node’s RPC to get the current ledger end (think “latest block”)
Call your own node’s RPC to get relevant private data at ledger end (e.g. wallet’s holdings)
Call app/token specific APIs to get context information (e.g. mining round contracts)
Assemble the data into the full command using the OpenAPI/JSON or gRPC schemas.

In the examples below, the SDK example uses the AdminWorkflow inside the a validator to create a simple ping command. The ping command is sent to a recepient party who can then exercise the pong choice on the created contract (thereby archiving it). In the cURL example, we show the steps above gaining information from a validator and context information from the Canton Coin scan API.

The Wallet SDK allow us to build such a command easily:

import {
    WalletSDKImpl,
    localNetAuthDefault,
    localNetLedgerDefault,
} from '@canton-network/wallet-sdk'

const sdk = new WalletSDKImpl().configure({
    logger: console,
    authFactory: localNetAuthDefault,
    ledgerFactory: localNetLedgerDefault,
})
await sdk.connect()

const receiver = 'target-of-ping-party'

const command = sdk.userLedger?.createPingCommand(receiver)

# In the examples below, replace the following with your own values: "YOUR_NODE_JSON_API", "OFFSET_FROM_1", "WALLET_ID", "YOUR_CHOICE_OF_INPUT_CIDs",
# "SENDER_PARTY_ID", "RECEIVER_PARTY_ID"

# 1. Call your own node’s RPC to get the latest offset / ledger end
curl -X GET http://YOUR_NODE_JSON_API/v2/state/ledger-end

# 2. Get the contract ID of an active Amulet contract via
curl -X POST http://YOUR_NODE_JSON_API/v2/state/active-contracts -d 
'{  "verbose" : true, 
    "activeAtOffset": OFFSET_FROM_1, 
    "filter" : {
        "filtersByParty" : {
            "WALLET_ID" : {
                "cumulative":  
                    [{"identifierFilter": {
                        "InterfaceFilter": {
                            "value": {
                                "includeInterfaceView":true,
                                "includeCreatedEventBlob": false, 
                                "interfaceId": "#splice-api-token-holding-v1:Splice.Api.Token.HoldingV1:Holding"}}}}]}}}}'

# 3. Get context information for Canton Coin
    #3. a) the Registry admin party id:
curl -X GET https://scan.sv-1.global.canton.network.sync.global/registry/metadata/v1/info
# Example output:
# {"adminId":"DSO::1220b143…","supportedApis":{"splice-api-token-metadata-v1":1}}

    # 3. b) the instrument ID:
curl -X GET https://scan.sv-1.global.canton.network.sync.global/registry/metadata/v1/instruments
# Example output:
# "instrumentId" : {
#   "admin" : "DSO::1220b1431ef217342db44d516bb9befde802be7d8899637d290895fa58880f19accc",
#   "id" : "Amulet"}

    # 3. c) Get the TransferFactory and context from the asset admin:
curl -X POST -H "Content-Type: application/json" https://scan.sv-1.dev.global.canton.network.sync.global/registry/transfer-instruction/v1/transfer-factory -d '{
"choiceArguments" : {
  "expectedAdmin" : "DSO::1220be58c29e65de40bf273be1dc2b266d43a9a002ea5b18955aeef7aac881bb471a",
  "transfer" : {
    "sender" : "SENDER_PARTY_ID",
    "receiver" : "RECEIVER_PARTY_ID",
    "amount" : "1000.0",
    "instrumentId" : {
      "admin" : "DSO::1220be58c29e65de40bf273be1dc2b266d43a9a002ea5b18955aeef7aac881bb471a",
      "id" : "Amulet"
    },
    "requestedAt" : "2025-07-11T12:45:00Z",
    "executeBefore" : "2025-07-12T12:45:00Z",
    "inputHoldingCids" : [
      "YOUR_CHOICE_OF_INPUT_CIDs"
    ],
    "meta" : { "values" : {} }
  },
  "extraArgs" : {
    "context": { "values" : {} },
    "meta" : { "values" : {} }
  }
    }
  }'
# Example output:
# {
#   "factoryId": "009f00e5bf0…", – ContractId of the transferfactory to use
#   "transferKind": "direct", – type of transfer - see pre-approvals for more information
#   "choiceContext": { … }, – data to stick in the extra arguments
#   "disclosedContracts": [ … ] – any admin-private contracts on chain needed for preparation
# }



# 4. The information obtained can be used to construct the transfer and transaction in the prepare step:
#
# Transfer:
#   "transfer" : {
#     "sender" : "SENDER_PARTY_ID",
#     "receiver" : "RECEIVER_PARTY_ID",
#     "amount" : "1000.0",
#     "instrumentId" : {
#       "admin" : "DSO::1220b1431ef217342db44d516bb9befde802be7d8899637d290895fa58880f19accc",
#       "id" : "Amulet"
#     },
#     "requestedAt" : "2025-08-11T12:45:00Z",
#     "executeBefore" : "2025-08-12T12:45:00Z",
#     "inputHoldingCids" : [
#   "YOUR_CHOICE_OF_INPUT_CIDs"
#     ],
#     "meta" : { "values" : {} }
#   }

For the SDK ping example, the underlying code that creates the command is:

createPingCommand(partyId: string) {
        return [
            {
                CreateCommand: { // we are performing a CreateCommand
                    templateId: '#AdminWorkflows:Canton.Internal.Ping:Ping', //template id of the ping contract
                    createArguments: { // the arguments to the ping contract
                        id: v4(), // an unique id for the ping. Here we use the JS uuid library to generate a v4 UUID
                        initiator: this.partyId, //our party id
                        responder: partyId, //the party we are pinging
                    },
                },
            },
        ]
    }

Preparing the Transaction¶

Now that we have a command we need to prepare the transaction by calling a node’s RPC API which will return an unsigned transaction. It must be a validator which hosts the party initiating the transaction as private information is needed to construct the transaction. This is unlike other chains where you construct the transaction fully offline using an SDK. A transaction is a collection of commands that are atomic, meaning that either all commands succeed or none of them do.

Note: contractId’s are pinned as part of prepare step, the execution of the transfer will only go succeed if the contractId’s haven’t been archived between preparation and execution steps.

To prepare a transaction we need to send the commands to the ledger.

import {
    WalletSDKImpl,
    localNetAuthDefault,
    localNetLedgerDefault,
} from '@canton-network/wallet-sdk'
import { v4 } from 'uuid'

const sdk = new WalletSDKImpl().configure({
    logger: console,
    authFactory: localNetAuthDefault,
    ledgerFactory: localNetLedgerDefault,
})

await sdk.connect()

const receiver = 'target-of-ping-recieving-party'

const command = sdk.userLedger?.createPingCommand(receiver)

const transaction = await sdk.userLedger?.prepareSubmission(
    command, //the prepared ping command
    v4() //a unique deduplication id for this transaction
)

# In the example below, replace the values with your own

# PrepareTransaction call with all the inputs gathered.
 curl -X POST http://YOUR_NODE_JSON_API/v2/interactive-submission/prepare -d {
    "userId" : "USER_ID",
    "commandId" : "curl-transfer-test",
    "actAs" : ["SENDER_PARTY_ID"],
    "readAs" : [],
    "synchronizerId": "global-domain::1220be58c29e65de40bf273be1dc2b266d43a9a002ea5b18955aeef7aac881bb471a",
    "verboseHashing": false,
    "packageIdSelectionPreference" : [],
    "commands" : [ {
      "ExerciseCommand" : {
        "templateId" : "#splice-api-token-transfer-instruction-v1:Splice.Api.Token.TransferInstructionV1:TransferFactory",
        "contractId" : "009f00e5bf0…",
        "choice" : "TransferFactory_Transfer",
        "choiceArgument" : { 
          ... ,
          "extraArgs" : {
            "context": { ... },
            ...
          }
        }
      }
    } ],
    "disclosedContracts" : [ … ]
  }

The return type is an unsigned transaction if the combination of the commands are possible, otherwise an error is returned. The transaction can then be visualised and signed by the party.

Validating the Transaction¶

The result from the prepare step is an encoded protobuf message and easily decoded and inspected to go through a policy engine, for example. The transaction is returned alongside with the hash that needs to be signed. If the validator is not controlled by you, then it might be a good idea to validate that the transaction is what you expect it to be. You can use the Wallet SDK to visualize the transaction as described in the Visualizing a transaction section.

On top of visualizing the transaction, it’s also important to compute the transaction hash yourself and confirm that it matches the hash of the transaction provided by the validator from the prepare step.

The hash can be computed using the Wallet SDK:

import { TopologyController } from '@canton-network/wallet-sdk'

const transaction = {
    preparedTransaction: 'encoded-transaction-bytes-base64',
    preparedTransactionHash:
        'hash-of-the-encoded-transaction-that-needs-to-be-signed',
    hashingSchemeVersion: 'hashing-scheme-version',
}

const hash = TopologyController.createTransactionHash(
    transaction.preparedTransaction
)

You can then compare the hash with the transaction.preparedTransactionHash to ensure they match.

Signing the Transaction¶

Once the transaction is validated, the hash retrieved from the prepare step can be signed using the private key of the party.

Below shows an example in the Wallet SDK and using cURL commands:

import { signTransactionHash } from '@canton-network/wallet-sdk'

const transaction = {
    preparedTransaction: 'encoded-transaction-bytes-base64',
    preparedTransactionHash:
        'hash-of-the-encoded-transaction-that-needs-to-be-signed',
    hashingSchemeVersion: 'hashing-scheme-version',
}

const privateKey = 'your-private-key-here'

const signature = signTransactionHash(
    transaction.preparedTransactionHash,
    privateKey
)

# In this example the hash is signed using openssl and "PREPARE_TRANSACTION_RESPONSE.json" is the JSON output from the prepare 
# transaction step is here. "PRIVATE_KEY_FILE" should be the private key of the namespace of the external party. For more information
# on the openssl commands to generate the key see here: https://docs.digitalasset.com/build/3.3/tutorials/app-dev/external_signing_topology_transaction.html#signing-keys

TRANSACTION_HASH=$(cat create_ping_prepare_response.json | jq -r .prepared_transaction_hash)
PREPARED_TRANSACTION=$(cat create_ping_prepare_response.json | jq -r .prepared_transaction)
SIGNATURE=$(echo -n "$TRANSACTION_HASH" | base64 --decode | openssl pkeyutl -rawin -inkey "PRIVATE_KEY_FILE" -keyform DER -sign | openssl base64 -e -A)

Submitting the Transaction¶

Once the transaction is signed, it can be executed on the validator. You can observe completions by seeing the committed transactions. If they don’t appear on your ledger, you are guaranteed some response, and you can keep retrying; signed transactions are idempotent. Finality usually takes 3-10s.

import {
    localNetAuthDefault,
    localNetLedgerDefault,
    WalletSDKImpl,
} from '@canton-network/wallet-sdk'
import { v4 } from 'uuid'

const sdk = new WalletSDKImpl().configure({
    logger: console,
    authFactory: localNetAuthDefault,
    ledgerFactory: localNetLedgerDefault,
})

await sdk.connect()

const transaction = {
    preparedTransaction: 'encoded-transaction-bytes-base64',
    preparedTransactionHash:
        'hash-of-the-encoded-transaction-that-needs-to-be-signed',
    hashingSchemeVersion: 'hashing-scheme-version',
}
const publicKey = 'your-public-key-here'
const signature = 'your-signed-transaction-hash-here'

sdk.userLedger?.executeSubmission(transaction, signature, publicKey, v4())

curl http://localhost:7575/v2/interactive-submission/execute -d {
    "preparedTransaction": "$PREPARED_TRANSACTION",
    "hashingSchemeVersion": "HASHING_SCHEME_VERSION_V2",
    "userId": "USER_ID",
    "submissionId": "51dd5a0e-2ab6-4ca4-aa9d-9333fb603eb0",
    "deduplicationPeriod": {
        "Empty": {}
    },
    "partySignatures": {
        "signatures": [
            {
                "party": "PARTY_ID",
                "signatures": [
                {
                    "format": "SIGNATURE_FORMAT_CONCAT",
                    "signature": "$SIGNATURE",
                    "signingAlgorithmSpec": "SIGNING_ALGORITHM_SPEC_EC_DSA_SHA_256",
                    "signedBy": "FINGERPRINT"
                }
                ]
            }
        ]
    }
}