# Protocol Documentation

# ImmuService

Here a list of services exposed by immudb GRPc interface

# Database services

immudb gRPC & REST service IMPORTANT: All get and safeget functions return base64-encoded keys and values, while all set and safeset functions expect base64-encoded inputs.

# Database operational services

Following methods grant the basic immudb capabilities. Set and Get are the primitive. SafeSet and SafeGet counterparts do the primitive job but in addition they produce also inclusion and consistency proofs.

Method Name	Request Type	Response Type
Set	KeyValue	Index
SafeSet	SafeSetOptions	Proof
Get	Key	Item
SafeGet	SafeGetOptions	SafeItem

# Insertion order index services

Following methods rely on internal immudb insertion order index. Insertion order index is a special index appended on every leaf in the merkle tree. With this we benefit of the internal merkle tree natural insertion order index. When we retrieve elements by index a first lookup is made on the leaf at the same index to discover the element key, then a second lookup is realized to retrieve the value. BySafeIndex counterpart produces also the inclusion and consistency proofs.

Method Name	Request Type	Response Type	Description
ByIndex	Index	Item
BySafeIndex	SafeIndexOptions	SafeItem

# Secondary indexes services

Thanks to the lexicographical order in which internal data is structured we exposed following methods. Reference is like a "tag" operation, it append a reference on a key. As a consequence when we retrieve that reference/key with a Get or SafeGet the value retrieved will be the original value associated to the original key. SafeReference counterpart is the same but in addition it produces also the inclusion and consistency proofs. ZAdd operates internally in a similar manner to Reference but it introduces the concept of set. Inside a set we can organize collection of similar elements. When we add an elements to a collection we can specify his score using a float value. In ZAdd It's possible to specify also the index of the reference. In this way if there are multiple equals keys it will be inserted in the set the specified version. To retrieve elements we can use Zscan methods with return elements sorted by their score. If elements are inserted with same score they are returned in a lexicographical order. SafeZAdd counterpart produces also the inclusion and consistency proofs.

Method Name	Request Type	Response Type
Reference	ReferenceOptions	Index
SafeReference	SafeReferenceOptions	Proof
ZAdd	ZAddOptions	Index
ZScan	ZScanOptions	ItemList
SafeZAdd	SafeZAddOptions	Proof

# Tamperproofing services

Inclusion returns a path of nodes that can be used to prove that a node was correctly inserted inside the merkle tree. Consistency returns a path of nodes that can be used to prove that a subtree contained in the main merkle tree is still the same. CurrentRoot the last root of the tree. The suggest approach to detect malicious action is to use an SDK and safe* family methods.

Method Name	Request Type	Response Type
Inclusion	Index	InclusionProof
Consistency	Index	ConsistencyProof
CurrentRoot	.google.protobuf.Empty	Root

Method Name	Request Type	Response Type
IScan	IScanOptions	Page
Scan	ScanOptions	ItemList
Count	KeyPrefix	ItemsCount
History	Key	ItemList

# Administrative services

Method Name	Request Type	Response Type	Description
Health	.google.protobuf.Empty	HealthResponse
ListUsers	.google.protobuf.Empty	UserList
CreateUser	CreateUserRequest	UserResponse
ChangePassword	ChangePasswordRequest	.google.protobuf.Empty
UpdateAuthConfig	AuthConfig	.google.protobuf.Empty
UpdateMTLSConfig	MTLSConfig	.google.protobuf.Empty
PrintTree	.google.protobuf.Empty	Tree
Login	LoginRequest	LoginResponse
Logout	.google.protobuf.Empty	.google.protobuf.Empty
Dump	.google.protobuf.Empty	.pb.KVList stream
CreateDatabase	Database	CreateDatabaseReply	todo(joe-dz): Enable restore when the feature is required again rpc Restore(stream pb.KVList) returns (ItemsCount) { option (google.api.http) = { post: "/v1/immurestproxy/restore" body: "*" }; }
UseDatabase	Database	UseDatabaseReply
ChangePermission	ChangePermissionRequest	Error
SetActiveUser	SetActiveUserRequest	.google.protobuf.Empty
DatabaseList	.google.protobuf.Empty	DatabaseListResponse

Top

# schema.proto

# AuthConfig

Field	Type	Label	Description
kind	uint32

# ChangePasswordRequest

Field	Type	Label	Description
user	bytes
oldPassword	bytes
newPassword	bytes

# ChangePermissionRequest

Field	Type	Label	Description
action	PermissionAction
username	string
database	string
permission	uint32

# ConsistencyProof

Field	Type	Label
first	uint64
second	uint64
firstRoot	bytes
secondRoot	bytes
path	bytes	repeated

# Content

Field	Type	Label	Description
timestamp	uint64
payload	bytes

# CreateDatabaseReply

Field	Type	Label	Description
error	Error

# CreateUserRequest

Field	Type	Label	Description
user	bytes
password	bytes
permission	uint32
database	string

# Database

Field	Type	Label	Description
databasename	string

# DatabaseListResponse

Field	Type	Label	Description
databases	Database	repeated

# Error

Field	Type	Label	Description
errorcode	ErrorCodes
errormessage	string

# HealthResponse

Field	Type	Label	Description
status	bool
version	string

# IScanOptions

Field	Type	Label	Description
pageSize	uint64
pageNumber	uint64

# InclusionProof

Field	Type	Label
at	uint64
index	uint64
root	bytes
leaf	bytes
path	bytes	repeated

# Index

Field	Type	Label	Description
index	uint64

# Item

Field	Type	Label	Description
key	bytes
value	bytes
index	uint64

# ItemList

Field	Type	Label	Description
items	Item	repeated

# ItemsCount

Field	Type	Label	Description
count	uint64

# KVList

Field	Type	Label	Description
KVs	KeyValue	repeated

# Key

Field	Type	Label	Description
key	bytes

# KeyList

Field	Type	Label	Description
keys	Key	repeated

# KeyPrefix

Field	Type	Label	Description
prefix	bytes

# KeyValue

Field	Type	Label	Description
key	bytes
value	bytes

# Layer

Field	Type	Label	Description
l	Node	repeated

# LoginRequest

Field	Type	Label	Description
user	bytes
password	bytes

# LoginResponse

Field	Type	Label	Description
token	bytes
warning	bytes

# MTLSConfig

Field	Type	Label	Description
enabled	bool

# Node

Field	Type	Label	Description
i	bytes
h	bytes
refk	bytes
ref	bool
cache	bool
root	bool

# Page

Field	Type	Label	Description
items	Item	repeated
more	bool

# Permission

Field	Type	Label	Description
database	string
permission	uint32

# Proof

Field	Type	Label
leaf	bytes
index	uint64
root	bytes
at	uint64
inclusionPath	bytes	repeated
consistencyPath	bytes	repeated

# ReferenceOptions

Field	Type	Label	Description
reference	bytes
key	bytes

# Root

Field	Type	Label	Description
index	uint64
root	bytes

# SKVList

Field	Type	Label	Description
SKVs	StructuredKeyValue	repeated

# SPage

Field	Type	Label
items	StructuredItem	repeated
pageNum	uint64
more	bool

# SafeGetOptions

Field	Type	Label	Description
key	bytes
rootIndex	Index

# SafeIndexOptions

Field	Type	Label	Description
index	uint64
rootIndex	Index

# SafeItem

Field	Type	Label	Description
item	Item
proof	Proof

# SafeReferenceOptions

Field	Type	Label	Description
ro	ReferenceOptions
rootIndex	Index

# SafeSetOptions

Field	Type	Label	Description
kv	KeyValue
rootIndex	Index

# SafeSetSVOptions

Field	Type	Label	Description
skv	StructuredKeyValue
rootIndex	Index

# SafeStructuredItem

Field	Type	Label	Description
item	StructuredItem
proof	Proof

# SafeZAddOptions

Field	Type	Label	Description
zopts	ZAddOptions
rootIndex	Index

# ScanOptions

Field	Type	Label	Description
prefix	bytes
offset	bytes
limit	uint64
reverse	bool
deep	bool

# SetActiveUserRequest

Field	Type	Label	Description
active	bool
username	string

# StructuredItem

Field	Type	Label	Description
key	bytes
value	Content
index	uint64

# StructuredItemList

Field	Type	Label	Description
items	StructuredItem	repeated

# StructuredKeyValue

Field	Type	Label	Description
key	bytes
value	Content

# Tree

Field	Type	Label	Description
t	Layer	repeated

# UseDatabaseReply

Field	Type	Label	Description
error	Error
token	string

# User

Field	Type	Label
user	bytes
permission	uint32
permissions	Permission	repeated
createdby	string
createdat	string
active	bool

# UserList

Field	Type	Label	Description
users	User	repeated

# UserRequest

Field	Type	Label	Description
user	bytes

# UserResponse

Field	Type	Label	Description
user	bytes
permission	uint32

# ZAddOptions

Field	Type	Label	Description
set	bytes
score	double
key	bytes

# ZScanOptions

Field	Type	Label	Description
set	bytes
offset	bytes
limit	uint64
reverse	bool

# ErrorCodes

Name	Number	Description
Ok	0
ERROR_SELECTING_DATABASE	1
ERROR_NO_PERMISSION_FOR_THIS_DATABASE	2
ERROR_USER_HAS_NOT_LOGGED_IN	3
ERROR_DB_DOES_NOT_EXIST	4

# PermissionAction

Name	Number	Description
GRANT	0
REVOKE	1

# Scalar Value Types

.proto Type	Notes	C++	Java	Python	Go	C#	PHP	Ruby
double		double	double	float	float64	double	float	Float
float		float	float	float	float32	float	float	Float
int32	Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead.	int32	int	int	int32	int	integer	Bignum or Fixnum (as required)
int64	Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead.	int64	long	int/long	int64	long	integer/string	Bignum
uint32	Uses variable-length encoding.	uint32	int	int/long	uint32	uint	integer	Bignum or Fixnum (as required)
uint64	Uses variable-length encoding.	uint64	long	int/long	uint64	ulong	integer/string	Bignum or Fixnum (as required)
sint32	Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s.	int32	int	int	int32	int	integer	Bignum or Fixnum (as required)
sint64	Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s.	int64	long	int/long	int64	long	integer/string	Bignum
fixed32	Always four bytes. More efficient than uint32 if values are often greater than 2^28.	uint32	int	int	uint32	uint	integer	Bignum or Fixnum (as required)
fixed64	Always eight bytes. More efficient than uint64 if values are often greater than 2^56.	uint64	long	int/long	uint64	ulong	integer/string	Bignum
sfixed32	Always four bytes.	int32	int	int	int32	int	integer	Bignum or Fixnum (as required)
sfixed64	Always eight bytes.	int64	long	int/long	int64	long	integer/string	Bignum
bool		bool	boolean	boolean	bool	bool	boolean	TrueClass/FalseClass
string	A string must always contain UTF-8 encoded or 7-bit ASCII text.	string	String	str/unicode	string	string	string	String (UTF-8)
bytes	May contain any arbitrary sequence of bytes.	string	ByteString	str	[]byte	ByteString	string	String (ASCII-8BIT)