What are macaroon files in LND

In this post we will review what are the macaroon files used in the implementation of Lightning Network LND and what is its operation. We will implement the use of a remote invoice.macaroon file that will allow us to perform certain operations on the invoices by creating and paying a 1 satoshi invoice.

What are macaroon files?

Macaroon files are a kind of cookie used by the lncli client and the lnd server to verify that you have the right to perform certain operations on a Lightning Network node. When the files are generated, the service searches for the macaroon ID and verifies that said file was initially signed with the service’s root key. One of the special characteristics of macaroon files is that you can generate files with limited capabilities on the node such as generating invoices and sharing it with someone else.

By default, when the lnd service is started, 3 macaroon files are created, which are admin.macaroon, readonly.macaroon and invoice.macaroon. As the name implies, the readonly allows only to execute read-only commands, the invoice only commands related to the invoices and the admin allows the complete administration of the node.

What are these files for?

Lnd allows to execute RPC methods by default by exposing a REST service and uses the macaroon for validation and authentication. It must be taken into account that if lnd is executed with the –no-macaroons option, the server will not take into account any validation call. To verify its operation we must use a GRPC client that access the rest service of LND through https. Since the macaroon files are encoded as a hexadecimal string, they must be sent in that format to achieve the connection. For this case we have collaborated with a remote lnd node operator to be able to access your node remotely using the invoice.macaroon file that he has shared with us. Then we have obtained the hexa string of the file using the xxd command referred to in the documentation of the following repository.

In order to implement the use of this functionality we have cloned the repository located at https://github.com/robclark56/lightningtip-PHP/blob/master/frontend/lightningTip.php by modifying the connection string to access your node.

To verify that the hexadecimal string of the invoice file of the remote node is well coded, we must execute a call to the server using CURL from the console. Executing this command allows us to access the API and call the getinfo method:

As the invoice macaroon file does not give us permission to execute the getinfo command we get error.
However, calling the invoices method lists all the invoices: (we have hidden some strings and the Public IP address).

Subsequently we have modified the lightningTip.php file to change the display as the window located on the upper right.
It is appreciated that we have created an invoice with description «proof» and have paid it. Checking the invoice after this we see that it has been created and paid correctly on the remote node.

With these steps we can use one of the functionalities of the macaroon files to create and pay bills for any LND Node that has shared your file with us.


Artículo anterior

Que son los ficheros macaroon en lnd

Siguiente artículo

Que es Lightning Charge