Administration
Managing your Stratos Vault instance through the admin panel.
Overview
The admin panel is a single unified interface with two authentication tiers that control what sections are available:
| Tier | Auth Method | Header | Sections |
|---|---|---|---|
| Admin | Wallet user with admin role | X-Admin-Token | Users, Assets, Registration Codes, Daml Packages, Canton Node |
| Superadmin | Staff account (username/password) | X-Superadmin-Token | Staff, Configuration, Apps, App Access, RPC, API Endpoints |
Both tiers use session tokens with 24-hour expiry.
Admin Sections
Users
View and manage wallet users.
| Action | How |
|---|---|
| View all users | Users tab shows username, display name, role, party ID |
| Change role | Click user → set role to user or admin |
| Assign Canton party | Click Assign Party to allocate a Canton party for ledger access |
| Delete user | Remove account and all associated data |
Onboarding flow:
- Create a registration code (optional, for controlled sign-ups)
- Share the code with the user
- User registers via WebAuthn passkey
- Admin assigns Canton party (or it auto-allocates)
Assets
Configure supported blockchain assets. Each asset has:
| Field | Description |
|---|---|
symbol | Token ticker (e.g., USDC) |
name | Display name |
chain | Primary chain (Ethereum, Solana, etc.) |
chain_type | Protocol type (evm, svm, btc, tron, ton) |
contract_address | On-chain contract address |
decimals | Token decimal precision |
is_native | Whether it's the chain's native token |
Multi-chain tokens (USDC, USDT) can have entries for each supported network via the asset chains sub-table.
Registration Codes
Control user sign-ups with one-time or multi-use codes.
| Field | Description |
|---|---|
max_uses | Number of allowed registrations |
expires_at | Optional expiration date |
code_type | general or custom type |
reserved_username | Lock code to a specific username |
Daml Packages
Upload and manage Canton Daml packages (DAR files):
- Click Upload DAR or drag-and-drop a
.darfile - The package is uploaded to the Canton participant
- Copy the returned
mainPackageIdfor use in apps
Canton Node Info
View Canton participant connectivity — node status, version, domain ID, and Splice network users.
Superadmin Sections
Staff Management
Create and manage superadmin staff accounts.
| Field | Description |
|---|---|
username | Login username |
password | Hashed with PBKDF2 (100K iterations, SHA-256) |
is_superadmin | true grants privilege to modify config, create API keys, manage apps |
display_name | Display name |
Only staff with is_superadmin = true can modify platform configuration. Non-privileged staff have read-only access to superadmin sections.
Configuration Overrides
Override wrangler.toml settings at runtime without redeploying:
| Key | Description | Valid Values |
|---|---|---|
RP_NAME | WebAuthn relying party name | Any string |
THEME | UI color theme | purple, teal, blue, green, orange, rose, slate, light |
ORG_NAME | Organization display name | Any string |
CHAT_AGENT_WEBHOOK_URL | Chat agent webhook URL | URL |
SPLICE_HOST | Splice validator host | Hostname |
CANTON_JSON_HOST | Canton JSON API host | Hostname |
MPC_ENABLED | Enable MPC signing | "true", "false" |
Set a value to null to revert to the wrangler.toml default.
Dock Apps
Manage apps available in the wallet dock:
| Field | Description |
|---|---|
name | App display name |
icon | Icon character or emoji |
color | Background color (hex, e.g., #6366f1) |
url | App URL (must support iframe embedding) |
zoom | Iframe zoom level (10–200%) |
sort_order | Display order |
is_enabled | Enable/disable without deleting |
Package status — the admin panel checks if each app's Daml package is installed on the Canton participant:
| Status | Meaning | Action |
|---|---|---|
| Installed | Package already on Canton | None needed |
| Install DAR | Package not installed | Click to install |
| N/A | App has no package endpoint | None needed |
| Error | Could not check | Verify app URL |
App Access Control
Restrict which wallet users can see and use specific dock apps. By default, apps are visible to all users. Use access control to limit availability per user.
RPC Endpoints
Configure blockchain RPC providers with priority-based failover:
| Field | Description |
|---|---|
chain_type | evm, btc, svm, tron, ton |
chain_name | Display name (e.g., Ethereum, Base) |
chain_id | EVM chain ID (e.g., 1 for Ethereum, 8453 for Base) |
network | mainnet or testnet |
rpc_url | Provider URL |
priority | 0 = primary, 1 = first fallback, 2 = second fallback |
For production, use dedicated RPC providers (Alchemy, Infura, QuickNode, ZAN).
Scoped API Endpoints
Create API keys that provide scoped, programmatic access to the Canton ledger for external services, bots, or integrations.
| Field | Description |
|---|---|
name | Descriptive name (e.g., "Trading Bot") |
party_id | Canton party the key acts as (autocomplete from user list) |
allowed_packages | Restrict to specific Daml packages (select apps to derive) |
allowed_choices | Restrict to specific contract choices |
rate_limit | Requests per minute (default: 60) |
Creating an endpoint:
- Click Add API Endpoint
- Enter a name and select the party
- Select dock apps to restrict access to their packages (optional)
- Set rate limit and choice restrictions (optional)
- Click Create — the API key (
cwp_...) is shown once - Copy the key immediately — it cannot be retrieved again
API keys are stored as SHA-256 hashes. All usage is recorded in audit logs accessible via the Logs button on each endpoint.
External services use the key with the Proxy API:
curl -X POST https://wallet.acme.com/api/proxy/query \
-H "X-API-Key: cwp_your_key_here" \
-H "Content-Type: application/json" \
-d '{"templateId": "abc123...#DeFi:Position"}'Backup & Restore
Backup is split into two separate files to preserve MPC key separation. Both are accessible from the admin panel under Configuration.
Why Backup Is Critical
Signing requires three things to align:
- User's passkey (hardware device — not backed up by us)
- D1 database — PRF-encrypted client key shares
- MPC Durable Objects — server key shares (on a separate system)
Loss of either #2 or #3 makes all user wallets permanently inaccessible. Regular backups protect against this.
Two Separate Backup Files
| Backup | Contains | Access | Admin Panel |
|---|---|---|---|
| Portal | D1 tables (encrypted client shares, users, config) | Superadmin token | Download / Restore buttons |
| MPC Signer | Durable Object server shares | Superadmin token + IP whitelist | Download / Restore buttons (fails if IP not whitelisted) |
The two files should be stored by different custodians in different systems. An attacker needs both files AND a user's physical passkey to reconstruct any private key.
Using the Admin Panel
- Go to Configuration in the superadmin panel
- Scroll to the Portal Backup and MPC Signer Backup cards
- Click Download to create a backup, Restore to upload one
Using the CLI
Portal backup:
curl -s -H "X-Superadmin-Token: $TOKEN" \
https://portal.example.com/api/superadmin/backup \
> portal-backup-$(date +%Y%m%d).jsonMPC signer backup (requires whitelisted IP):
curl -s -H "X-Superadmin-Token: $TOKEN" \
https://portal.example.com/api/superadmin/backup-mpc \
> mpc-backup-$(date +%Y%m%d).jsonPortal restore:
curl -s -X POST -H "X-Superadmin-Token: $TOKEN" \
-H "Content-Type: application/json" \
-d @portal-backup.json \
"https://portal.example.com/api/superadmin/restore?mode=merge"MPC signer restore (requires whitelisted IP):
curl -s -X POST -H "X-Superadmin-Token: $TOKEN" \
-H "Content-Type: application/json" \
-d @mpc-backup.json \
https://portal.example.com/api/superadmin/restore-mpcIP Whitelist
The MPC backup endpoints are restricted by IP whitelist, managed in the MPC Signer Backup card under Configuration.
| Whitelist state | Who can access MPC backup | Who can edit whitelist |
|---|---|---|
| Empty | Any IP (with superadmin token) | Any IP (with superadmin token) |
| Has IPs | Only listed IPs | Only listed IPs |
Recommended Schedule
| When | Why |
|---|---|
| Daily automated | Catch all new registrations |
| After bulk user onboarding | New MPC keys created |
| Before infrastructure changes | Domain, account, or worker migrations |
| Before Cloudflare account migration | Durable Objects are account-scoped |
Troubleshooting
Cannot Access Admin Panel
User doesn't have admin role:
wrangler d1 execute wallet-prod --remote \
--command="UPDATE users SET role = 'admin' WHERE username = 'yourusername';"Superadmin Login Fails
The default account is auto-created on first login. If credentials are lost:
wrangler d1 execute wallet-prod --remote \
--command="DELETE FROM superadmin_users; DELETE FROM superadmin_sessions;"DAR Upload Fails
- Check Canton participant is reachable (
CANTON_JSON_HOST) - Verify the DAR file is valid
- Check if the package is already uploaded
User Has No Party ID
Use the Assign Party button in the admin panel or call POST /api/admin/onboard-user.
Canton Tunnel Not Working
- Verify
cloudflaredis running:cloudflared tunnel list - Check tunnel config:
cat ~/.cloudflared/config.yml - Test connectivity:
curl https://your-tunnel-domain/health
Next Steps
- Getting Started — Installation with stratos-init
- Proxy API — Scoped API for external applications
- App Development — Build dock apps for your instance