Methods
This is the task-oriented method reference. The authoritative machine-interface spec — the chunk wire object (chunk_lens, no decoy field), -32004, the node profile, and the regenerated OpenRPC — is Protocol · The dig RPC.
See What is the dig RPC? for an overview.
The dig RPC is a single POST endpoint speaking JSON-RPC 2.0. A request is a request object or a batch (a non-empty array of request objects); params is always a by-name object.
POST https://rpc.dig.net
Content-Type: application/json
{ "jsonrpc": "2.0", "id": <id>, "method": "<name>", "params": { … } }
For any well-formed JSON body the HTTP status is 200; success or a JSON-RPC error is carried in the envelope. Every method is a pure, idempotent read.
This method set is also published as an OpenRPC document — every method, its request/response JSON Schemas, and the catalogued error responses, against server https://rpc.dig.net. Point an OpenRPC client generator at it to get a typed client without reading this page.
Identifiers
All identifiers are lower-case hex on the wire.
| Identifier | Form | Meaning |
|---|---|---|
store_id | 64 hex (32 bytes) | The store's identity — the launcher id of its CHIP-0035 DataLayer singleton. The same value appears in the URN and every RPC call. |
root | 64 hex, or "latest" | A generation root — the on-chain content root of one capsule in the store's lineage. "latest" (or an absent root) resolves to the newest confirmed generation. |
retrieval_key | 64 hex (32 bytes) | The address of one resource: retrieval_key = sha256(urn). A one-way hash of the URN, so it locates a resource without revealing its path. |
| capsule identity | <store_id>:<root> | The canonical identity of one immutable store generation — the pair (store_id, root), written store_id:root. The byte methods address a capsule by this pair. |
The URN is urn:dig:chia:<store_id>/<path> (optionally ?salt=<hex>). The client derives the retrieval key (sha256 of the URN) and the AES-256-GCM-SIV decryption key (URN-derived, HKDF). Only the retrieval key is ever sent to a node.
dig.getContent
Stream one resource's ciphertext by retrieval key. This is the method behind every content view and public store link.
Params
| Field | Type | Required | Meaning |
|---|---|---|---|
store_id | hex(32) | yes | The store. |
retrieval_key | hex(32) | yes | sha256(urn) of the target resource. |
root | hex(32) or "latest" | no | Generation to read. Absent ≡ "latest". |
offset | uint | no | Byte offset for this chunk (default 0). See Streaming. |
length | uint | no | Requested chunk length; clamped to the node's max chunk. |
Result — a chunk object: ciphertext (base64), total_length, offset, length, complete, next_offset, inclusion_proof (base64 or null), chunk_lens (per-chunk ciphertext lengths, first window only), root (the resolved generation, hex), and program_hash (the served .dig's sha256, hex). Reassemble until complete, verify the proof over the whole ciphertext against root, split by chunk_lens, then decrypt. There is no decoy field — a miss is the capsule's own indistinguishable, non-verifying response (see the blind host model).
dig.getProof
Both proofs for a resource read by retrieval key:
- Inclusion proof (merkle) — REAL and SYNCHRONOUS: proves the served ciphertext is committed under the generation root. Returned immediately.
- Execution proof (ZK / risc0) — proves a node faithfully executed the serving computation. A real ZK proof takes far longer than a request, so it is produced asynchronously by the prover on Fargate; a forgeable mock is never served. This public method is read-only: it returns a real execution receipt when you pass a
proof_idyou already requested, and otherwise points you at the gated control plane that produces them.
Params
| Field | Type | Required | Meaning |
|---|---|---|---|
store_id | hex(32) | yes | The store. |
retrieval_key | hex(32) | yes | sha256(urn) of the resource. |
root | hex(32) or "latest" | no | Generation to prove. |
proof_id | string | no | An execution-proof job id (from the control plane) to return the real receipt for. |
Result
{ "inclusion_proof": "<base64 merkle proof>",
"program_hash": "23b491…",
"root": "a07c…4d",
"execution_proof": "<risc0 receipt | null>",
"execution_proof_status": "succeeded | running | queued | not_found | request_via_control_plane",
"node_pubkey": "…", "block_header": "…" }
The client verifies the inclusion proof over the reassembled ciphertext against the chain root (see Streaming). To obtain an execution proof, request one via the gated control plane (POST https://hub.dig.net/v1/stores/<store_id>/proof with kind=execution, which budgets/PoW-gates the expensive proving and drives the prover), then poll it here or via dig.getProofStatus.
dig.getProofStatus
Poll a REAL execution-proof job by id. Returns the job status and, when terminal, the real risc0 receipt + node_pubkey + block_header. Never a mock receipt.
Params
| Field | Type | Required | Meaning |
|---|---|---|---|
store_id | hex(32) | yes | The store. |
proof_id | string | yes | The job id returned when the proof was requested. |
Result — { "proof_id", "status": "queued|running|succeeded|failed", "receipt", "node_pubkey", "block_header", "root" }.
dig.getCapsule
Stream an entire compiled capsule — the whole .dig module for one generation — by (store_id, root). A capsule is that (store_id, root) pair: one immutable generation. This is how a client or peer node mirrors, verifies, or installs a capsule in full. The alias dig.getModule is accepted for identical behavior.
Params
| Field | Type | Required | Meaning |
|---|---|---|---|
store_id | hex(32) | yes | The store. |
root | hex(32) or "latest" | no | The generation (capsule) to download. Absent ≡ "latest". |
offset, length | uint | no | Chunk window. See Streaming. |
Result — a chunk object carrying capsule bytes. The capsule is the public, self-verifying module (its own store id and signed root are checked on install per DigStore), so inclusion_proof is null/empty here; integrity comes from the capsule's structure and the on-chain root. A module genuinely absent at the requested root yields -32004.