A deep dive into the NEO DAPI, an open protocol for connecting to NEO Clients
Last August we released the O3 Alliance SDK, a way for dapps to connect to NEO wallets without having to store users' private keys themselves, and it was a great success. Many of you may have used Switcheo or NNS through the O3 wallet, which are powered by the Alliance SDK.
However, we soon realized that there were pros and cons to the SDK that we created.
- Developer Simplicity: Just request signatures from O3 and then let the dapp broadcast transactions on behalf of users
- Poor User Experience: Endless dialogs that provided very little info to the user about what would actually happen on transaction signature
- Security that doesn’t scale: With a small number of dapps, we could easily monitor what each dapp is asking from users. As the number of dapps grows, the chance of malicious dapps increases
- Not a NEO standard: The core of an open protocol is that it should be easy for any client to support it. Without a standard interface, ecosystem fragmentation is bound to happen.
- No support for multiple wallets/identities: At that time O3 was built around a single wallet architecture; now O3 supports an infinite number of addresses
- No Ontology Support: Our original Alliance SDK only supported NEO, and given the similarity in chain infrastructure it makes sense to make something that is flexible enough to support both
The pros of our original protocol were heavily outweighed by the cons, so we realized that we would need to reimagine how a user connects to a dapp from O3, and how a dapp connects to a user via O3, the gateway to the smart economy.
NEO DAPI V2
What we tested and demoed in December made use of version 2 of the protocol, with vastly improved security and user experience.
Let’s look at how we addressed the previous cons in the second version.
Simplified User Experience
Before, the user was presented with many uninformative dialogs about what was happening when connecting to a dapp and signing transactions.
Instead we can compare it to this dialog, which clearly illustrates what kind of transaction you are going to make. It also relies on another open standard, http://ogp.me/, which is already tried and true in the industry, to let the dapp easily provide identifiable information. A user can now sign transactions without fear about what is going to happen next. This will also allow dapps to accept NEO signatures as authentication mechanisms, and NEO based tokens as payments.
What is security that doesn’t scale? When there is a small number of dapps, it’s very easy to manually vet who can request transaction signatures. However, when the number of dapps increases, the attack surface increases exponentially. If a dapp is malicious, it could sneak in a request for a signature that would drain all your funds without you realizing it 👻.
Previously we manually whitelisted dapps that were located in O3, as well as performed some basic transaction analysis in the code to make sure that the transactions were going to work as intended.
However, when transactions become more complex and the number of dapps increases, this is not a safe solution. That’s why it’s very important for the user to remain in control and remain informed. In the new protocol, the wallet has TWO main responsibilities.
- Generate the transaction + signature
- Broadcast the transaction to the network
Instead of generating the transaction itself, the dapp sends a developer friendly request to the wallet to perform some action via the dAPI.
So the dapp would ask the wallet, “Can you please perform the send function on this contract.”
This developer friendly language is what allows the wallet to build UIs that are user friendly. The user can trust the dapp in a way that simply wasn’t possible before.
Previously we had developed the dAPI to be used solely by O3 applications, but for the growth of the ecosystem we needed to improve the openness of the protocol. Any wallet or dAPP can choose to conform to this protocol to attract more potential users.
The entire process has been documented on GitHub, and we encourage more developers to come and discuss the standard, as it is not yet finalized :). We hope that it will continue to gain more community support in the future.
Support for Multiple Wallets
In the future we believe that everyone will have multiple wallets/addresses. Why? At the most basic level, your address functions as your identity on the blockchain. Just like you have different credentials for different websites, you might want to provide different identity information to various websites. For instance, it might not make sense to give an untrusted site access to your address which contains 1000s of dollars of cryptocurrency. If you had a second address, then you could provide the site with a much more limited set of information, only as much as it NEEDED to know to get the job done.
In O3, when using the dAPI, you will be able to seamlessly transition between addresses/identities when connecting to websites, giving you more control of your presence online.
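The request model described earlier (the dapp names an action, the wallet generates, signs and broadcasts) together with the per-site address choice above, as an added sketch that is not O3's code or the dAPI specification. `reviewRequest`, the request field names, and the sample origins and addresses are all hypothetical.

```javascript
// Added sketch: wallet-side review of a dapp request. All names are hypothetical.
const SCRIPT_HASH = /^[0-9a-f]{40}$/i;            // 20-byte contract hash as hex
const AMOUNT = /^\d+(\.\d{1,8})?$/;               // plain decimal, no exponent or sign
const OPERATION = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Constructed sample: the single address the user exposes to each site.
const SAMPLE_IDENTITIES = {
  "https://exchange.example": "ADDRESS_MAIN_PLACEHOLDER",
  "https://game.example": "ADDRESS_LOW_VALUE_PLACEHOLDER",
};

const reject = (reason) => ({ ok: false, reason });

function reviewRequest(origin, request, identities) {
  const known = Object.prototype.hasOwnProperty.call(identities, origin);
  if (!known) return reject("no address shared with this origin");
  const from = identities[origin];   // the wallet, not the dapp, picks the signer
  if (request === null || typeof request !== "object") return reject("malformed request");
  // The dapp describes an action; it never hands over a prebuilt transaction.
  for (const key of ["rawTransaction", "signature"]) {
    if (key in request) return reject(`field not accepted from dapp: ${key}`);
  }
  if (request.method === "send") {
    const { to, asset, amount } = request;
    if (typeof to !== "string" || to.length === 0) return reject("missing recipient");
    if (typeof asset !== "string" || asset.length === 0) return reject("missing asset");
    if (typeof amount !== "string" || !AMOUNT.test(amount) || Number(amount) <= 0)
      return reject("invalid amount");
    const prompt = `${origin} asks to send ${amount} ${asset} from ${from} to ${to}`;
    return { ok: true, from, prompt };   // prompt is shown before anything is signed
  }
  if (request.method === "invoke") {
    const { scriptHash, operation, args = [] } = request;
    if (typeof scriptHash !== "string" || !SCRIPT_HASH.test(scriptHash))
      return reject("invalid contract hash");
    if (typeof operation !== "string" || !OPERATION.test(operation))
      return reject("invalid operation");
    if (!Array.isArray(args)) return reject("args must be an array");
    const prompt = `${origin} asks to call ${operation} with ${args.length} ` +
      `argument(s) on contract ${scriptHash} as ${from}`;
    return { ok: true, from, prompt };
  }
  return reject("unsupported method");
}
```

Only a request that returns `ok: true` would go on to the confirmation dialog; transaction building, signing and broadcasting stay inside the wallet and are outside this sketch.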
There is an incredibly strong overlap between NEO + Ontology holders. This of course is due to the initial distribution of Ontology to NEO holders, but there is also a wide array of technical similarities. We believe that there can be a shared client for users to access the functionality of both the NEO and Ontology blockchains, so we integrated an Ontology version of the NEO dAPI as well.
We hope that in the future users will have a standardized experience for interacting with both of these chains.
O3 has created an open protocol for connecting to NEO wallets by any DAPP. You can read the history of its development here.
If you’re a developer we’ve provided documentation on how to work with dapi located at
and all the necessary packages you need to get started here
In 2019, we’re looking to onboard more developers and users to this much enhanced user experience for interacting with blockchains, and formalize these standards across the community.
Please join us in making a more open, more user friendly blockchain ecosystem.
If you’d like to contact us another way, feel free to message us on Twitter
or contact our support