- I currently have a setup where an organization is running a node, and end-users communicate with this node via a REST API.
- I have used a node wrapper where I'm exposing a REST API with url's to do things like publishing to a stream, querying a stream,etc, by connecting to that node.
- The problem here is that a end-client needs to fully trust whoever is hosting this API layer, since they aren't: a) Running their own node, b) directly communicating with the node itself; When the client makes a POST call, the API layer might change something before publishing it to the stream, and similarly display ficticious data while doing a GET to query the stream.
So right now, if the client doesn't trust the API layer, the only way it can trust its data integrity is by hosting its own node which connects to the main blockchain, after which it can query it.
Am I understanding this situation correctly, and if yes, is there any workaround to this?
Like an SDK (on the roadmap?) which would directly communicate with the node instead of doing REST calls to invoke JSON-RPC API?