Category: EOS (EOS)

Steem multi-authority permissions and how Posting authority works

In one of my recent blog post I have used simple analogy of the keys on Steem. In this post, I want to dive deeper to give some practical use cases of posting authority and private key permissions. Also hoping to shed some light on new feature on eSteem and how it works. There are probably articles that gives you overall picture of what multi-authority is and for what reason it can be used. @xeroc also made detailed post about multi-signature and its usage with piston library few month back.

Analogy I have used in recent post is:

You can share any of the permissions with other accounts on Steem.
Just like, you can rent out room in your house or have more than one passcode to access safe/vault or joint ownership of property/house…

You can add any account or private key to your permissions!

Let’s take example, you and your friend built @XYZ company/community here on Steem and you both want to share posting authority of that community account. This is how you would do it with steemjs…

steem.api.getAccounts([XYZ], function(err, response){
     if (response) {
       var account = response[0];
       var postingAuth = account.posting;

       //adding permission
       postingAuth.account_auths.push(['youraccount', postingAuth.weight_threshold]);

       steem.broadcast.accountUpdate(wif, XYZ, undefined, undefined, 
           postingAuth, undefined, account.json_metadata, function(err, result) {
         // youraccount got posting authority for XYZ

Another example, with recent update on eSteem app, if you want to schedule posts you would allow posting authority for @esteemapp so that posts can be automatically scheduled/published upon your request.

Image on a right side, shows how my account @good-karma shares posting authority with @esteemapp and @streemian. To give/remove posting authority one should use their active private key to sign transaction. esteemapp or streemian doesn’t have access to my posting private key but they have authority to post on my behalf. This permission can be revoked anytime. The system is designed such a way to enable multiple applications with just single feature. And there are dozen application and use cases on Steem.

So now I have given permission, how it can be used or utilized by @esteemapp or @streemian?! Let’s show an example of that as well.

Using authority is just as simple as submitting posts/comments or voting. Steem already recognizes who is publishing the post and if they have the permission to do so.

operations_array = [
    ['comment', {
                        parent_author: "",
                        parent_permlink: category,
                        author: XYZ,
                        permlink: permlink,
                        title: title,
                        body: body,
                        json_metadata: json
//wif is private posting key for youraccount

steem.broadcast.send({ operations: operations_array, extensions: [] }, 
             { posting: wif }, function(err, res) {
    //youraccount published post on behalf of XYZ account.

That’s in a nutshell how it works!
Before you give permission and authority to any other accounts, beware or make sure you trust them.

This process is straight-forward when using eSteem, just enable permission to add @esteemapp to your posting authority so when you schedule posts, esteemapp can publish post on your behalf. Without permission, esteemapp won’t be able to publish post for you when you schedule a post. This is most secure way of doing scheduling posts without asking user for their private posting key.

Alternative method from what I have heard, mostly users sharing same private posting key which in case of dispute both of them will loose access by changing account keys altogether. Above feature allows you to easily control authority without needing to change your keys.

Sharing authority is safest and convenient way, rather than sharing private key directly. Always know how your private keys are being used and who has access to them. Use them with caution!

That’s it, hope it helps to clarify how scheduling post feature works on eSteem and how multi-authority works on Steem. In future, I will talk about other authority and their uses cases…

Steem on!

vote witness good-karma