feat: 5800 Add API Endpoints for Token Transfers

* - Added token transfer APIs (sync and async) under /tokens controller path (same as token associate API patterns)
- Added service functions for token transfer
- Added support for both FT and NFT token transfers
- NFT transfers support with and without serial numbers mentioned
- Added new TaskAction typer for token transfers
- Added MessageAPI enum for token transfer functions (sync and async)
- Minor lint style fixes
- Fixed conflicts

* - Added batching for transactions exceeding maximum batch size for NFT (async)
- Restricted sync NFT transaction calls to limit amount to less than the batch size

* - Removed duplicated code and added common transferTokenCore() function
* - Moved self-transfer guard before vault call
* - Rounded the token value
* - Changed retry attempts to 1 from 3
* - Removed Promise.all() on NFT transfer and made it sequencial
* - Added TransferTokenDTO and fixed the API bodies
---------
Signed-off-by: OshanM <oshanm@xeptagon.com>

Author: OshanM

api-gateway/src/api/service/tokens.ts

@@ -4,7 +4,7 @@ import { IAuthUser, PinoLogger, RunFunctionAsync } from '@guardian/common';
 import { Body, Controller, Delete, Get, HttpCode, HttpException, HttpStatus, Param, Post, Put, Query, Req, Response, Version } from '@nestjs/common';
 import { AuthUser, Auth } from '#auth';
 import { ApiAcceptedResponse, ApiBody, ApiCreatedResponse, ApiExtraModels, ApiForbiddenResponse, ApiInternalServerErrorResponse, ApiNotFoundResponse, ApiOkResponse, ApiOperation, ApiParam, ApiQuery, ApiTags, ApiUnprocessableEntityResponse } from '@nestjs/swagger';
-import { Examples, InternalServerErrorDTO, ObjectExamples, TaskDTO, TokenDTO, TokenInfoDTO, UnprocessableEntityErrorDTO, pageHeader } from '#middlewares';
+import { Examples, InternalServerErrorDTO, ObjectExamples, TaskDTO, TokenDTO, TokenInfoDTO, TransferTokenDTO, UnprocessableEntityErrorDTO, pageHeader } from '#middlewares';
 import { TOKEN_REQUIRED_PROPS } from '#constants';
 
 /**
@@ -1116,6 +1116,111 @@ export class TokensApi {
         return task;
     }
 
+    /**
+     * Transfer token
+     */
+    @Post('/:tokenId/transfer')
+    @Auth(
+        Permissions.TOKENS_TOKEN_EXECUTE,
+    )
+    @ApiOperation({
+        summary: 'Transfers tokens from the authenticated user to the target account.',
+        description: 'Transfers fungible or non-fungible tokens from the authenticated user\'s Hedera account to the specified target account. For FT, specify amount. For NFT, specify serialNumbers or amount (picks from end).',
+    })
+    @ApiParam({
+        name: 'tokenId',
+        type: String,
+        description: 'Token ID',
+        required: true,
+        example: Examples.DB_ID
+    })
+    @ApiBody({ type: TransferTokenDTO })
+    @ApiOkResponse({
+        description: 'Successful operation.',
+    })
+    @ApiInternalServerErrorResponse({
+        description: 'Internal server error.',
+        type: InternalServerErrorDTO
+    })
+    @ApiExtraModels(InternalServerErrorDTO)
+    @HttpCode(HttpStatus.OK)
+    async transferToken(
+        @AuthUser() user: IAuthUser,
+        @Param('tokenId') tokenId: string,
+        @Body() body: TransferTokenDTO
+    ): Promise<any> {
+        try {
+            if (!user.did) {
+                throw new HttpException('User is not registered.', HttpStatus.UNPROCESSABLE_ENTITY);
+            }
+            const owner = new EntityOwner(user);
+            const guardians = new Guardians();
+            return await guardians.transferToken(tokenId, body, owner);
+        } catch (error) {
+            await this.logger.error(error, ['API_GATEWAY'], user.id);
+            if (error?.message?.toLowerCase().includes('user not found')) {
+                throw new HttpException('User not found.', HttpStatus.NOT_FOUND);
+            }
+            if (error?.message?.toLowerCase().includes('token not found')) {
+                throw new HttpException('Token does not exist.', HttpStatus.NOT_FOUND);
+            }
+            if (error instanceof HttpException) {
+                throw error;
+            }
+            throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    /**
+     * Transfer token (async)
+     */
+    @Post('/push/:tokenId/transfer')
+    @Auth(
+        Permissions.TOKENS_TOKEN_EXECUTE,
+    )
+    @ApiOperation({
+        summary: 'Transfers tokens from the authenticated user to the target account.',
+        description: 'Transfers fungible or non-fungible tokens asynchronously. Returns a task ID for tracking.',
+    })
+    @ApiParam({
+        name: 'tokenId',
+        type: String,
+        description: 'Token ID',
+        required: true,
+        example: Examples.DB_ID
+    })
+    @ApiBody({ type: TransferTokenDTO })
+    @ApiOkResponse({
+        description: 'Successful operation.',
+        type: TaskDTO
+    })
+    @ApiInternalServerErrorResponse({
+        description: 'Internal server error.',
+        type: InternalServerErrorDTO
+    })
+    @ApiExtraModels(TaskDTO, InternalServerErrorDTO)
+    @HttpCode(HttpStatus.ACCEPTED)
+    async transferTokenAsync(
+        @AuthUser() user: IAuthUser,
+        @Param('tokenId') tokenId: string,
+        @Body() body: TransferTokenDTO
+    ): Promise<TaskDTO> {
+        if (!user.did) {
+            throw new HttpException('User is not registered.', HttpStatus.UNPROCESSABLE_ENTITY);
+        }
+        const owner = new EntityOwner(user);
+        const taskManager = new TaskManager();
+        const task = taskManager.start(TaskAction.TRANSFER_TOKEN, user.id);
+        RunFunctionAsync<ServiceError>(async () => {
+            const guardians = new Guardians();
+            await guardians.transferTokenAsync(tokenId, body, owner, task);
+        }, async (error) => {
+            await this.logger.error(error, ['API_GATEWAY'], user.id);
+            taskManager.addError(task.taskId, { code: error.code || 500, message: error.message });
+        });
+        return task;
+    }
+
     /**
      * KYC
      */

api-gateway/src/helpers/guardians.ts

@@ -476,6 +476,55 @@ export class Guardians extends NatsService {
         });
     }
 
+    /**
+     * Transfer token
+     * @param tokenId
+     * @param body
+     * @param owner
+     */
+    public async transferToken(
+        tokenId: string,
+        body: {
+            targetAccount: string,
+            amount?: number,
+            serialNumbers?: number[],
+            memo?: string
+        },
+        owner: IOwner
+    ): Promise<any> {
+        return await this.sendMessage(MessageAPI.TRANSFER_TOKEN, {
+            tokenId,
+            body,
+            owner,
+        });
+    }
+
+    /**
+     * Async transfer token
+     * @param tokenId
+     * @param body
+     * @param owner
+     * @param task
+     */
+    public async transferTokenAsync(
+        tokenId: string,
+        body: {
+            targetAccount: string,
+            amount?: number,
+            serialNumbers?: number[],
+            memo?: string
+        },
+        owner: IOwner,
+        task: NewTask
+    ): Promise<NewTask> {
+        return await this.sendMessage(MessageAPI.TRANSFER_TOKEN_ASYNC, {
+            tokenId,
+            body,
+            owner,
+            task,
+        });
+    }
+
     /**
      * Get token info
      * @param tokenId

api-gateway/src/middlewares/validation/schemas/token.dto.ts

@@ -1,4 +1,5 @@
 import { ApiProperty } from '@nestjs/swagger';
+import { ArrayMinSize, IsArray, IsInt, IsNotEmpty, IsNumber, IsOptional, IsPositive, IsString, Min, ValidateIf } from 'class-validator';
 import { Examples } from '../examples.js';
 
 export class TokenDTO {
@@ -205,3 +206,29 @@ export class TokenInfoDTO {
     })
     enableWipe?: boolean;
 }
+
+export class TransferTokenDTO {
+    @ApiProperty({ type: String, description: 'Target Hedera account ID', example: '0.0.12345' })
+    @IsString()
+    @IsNotEmpty()
+    targetAccount: string;
+
+    @ApiProperty({ type: Number, description: 'Amount (FT) or serial count to pick (NFT); must be > 0', required: false, example: 10 })
+    @ValidateIf(o => !o.serialNumbers?.length)
+    @IsNumber()
+    @IsPositive()
+    amount?: number;
+
+    @ApiProperty({ type: [Number], description: 'Specific NFT serial numbers to transfer; positive integers', required: false, example: [1, 2, 3] })
+    @IsOptional()
+    @IsArray()
+    @IsInt({ each: true })
+    @Min(1, { each: true })
+    @ArrayMinSize(1)
+    serialNumbers?: number[];
+
+    @ApiProperty({ type: String, description: 'Optional transaction memo', required: false })
+    @IsOptional()
+    @IsString()
+    memo?: string;
+}

configs/.env..guardian.system

@@ -13,8 +13,8 @@ HEDERA_NET="testnet" # valid options: mainnet, testnet, previewnet, local-node
 PREUSED_HEDERA_NET="testnet"
 
 # TESTNET
-OPERATOR_ID="..."
-OPERATOR_KEY="..."
+OPERATOR_ID="0.0.8482539"
+OPERATOR_KEY="3030020100300706052b8104000a0422042033694cd14257b371ee040d86246794497831aa892986a0283563c95579487cd6"
 INITIALIZATION_TOPIC_ID="0.0.1960"
 SR_INITIAL_PASSWORD="..."
 
@@ -41,12 +41,14 @@ OVERRIDE_HEDERA_CONSENSUS_NODES={"0.testnet.hedera.com:50211":"0.0.3"}  # object
 OVERRIDE_HEDERA_MIRROR_NODES=["testnet.mirrornode.hedera.com:443"]  # array of base URLs: ["http://10.0.2.15:8090", "http://10.0.2.15:8090", ...]
 OVERRIDE_HEDERA_MIRROR_NODES_BASE_API="/api/v1"
 
+
 # MAX_TRANSACTION_FEE="10"
 
 # ADDRESSING / SERVICES
 # ----------------------
-JWT_PRIVATE_KEY="..."
-JWT_PUBLIC_KEY="..."
+
+JWT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIICWwIBAAKBgFLH4kaMzvFfR6HHx3fSeGVGnmI6az7ryV06+EWGDL3LMX7XP9mP\nvaqvW+Vj2oTKohB1jrfA12xSgsJzrX9geKLjy/avXSBtUUFfAsxoqB0RTlS1hLXL\ntuxJZzLxBZ+es8KwETxSvhkl2ft8D7nCA7Hhl+ieUUU4Pp8RE3FpSOSVAgMBAAEC\ngYA4NHDk99vWNJv9MxiyuVt3X/BPv1xrt0ncHBrPkYl7H8g2V82JWTgs+K1LXXXT\nrYVF6ZuCFdPuP0N65XHKR2UAZO0FRrrnNHfTuRqStpSFjKfY+gU5KeakcNNgZ3bH\nsPbhSWDmeJduGUZoeyD4PsgOuU98go2ZzbLZuLdS9jRuAQJBAKNfDgcqY8dSW+VF\ns88N8FL5Y3frz0we+5bNxODFIgjgBWXGpq2UeAoEG1C7RuobAKbWkf6xKzyaEs6w\nfj196RUCQQCBt1BRzqG0PYwvsvXDdg4y4LZupGH5CfMJWNrPszJo4raqslO6W6NN\naeDIIXM69Emv5o6M1bam/gH3apYTVu2BAkEAgehnDjmd5/RMkI6RgXbTABfBCa3g\nQ+ZrJqpvAFChVK9We2ywQ1zI6yYC1npk1GkuZnw+0WjuOZ1GkUZ0y87gVQJACPbT\nHSQrdpo+QtmaNEzHRGrVEKZZgu1WF1JFpM7cb/Ui7H7wXFOS4HmtqAbvwKY7JWXI\neiEWw0mQdzmtb161gQJARGuEUqcmt9mZZoFiITpLwW/gNt7xqEeVy3kAFwa2iFyj\ncT0lsNwFzE2BdrlpR3+wdWaJ+WjYjrQBSaGMmobtrA==\n-----END RSA PRIVATE KEY-----"
+JWT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFLH4kaMzvFfR6HHx3fSeGVGnmI6\naz7ryV06+EWGDL3LMX7XP9mPvaqvW+Vj2oTKohB1jrfA12xSgsJzrX9geKLjy/av\nXSBtUUFfAsxoqB0RTlS1hLXLtuxJZzLxBZ+es8KwETxSvhkl2ft8D7nCA7Hhl+ie\nUUU4Pp8RE3FpSOSVAgMBAAE=\n-----END PUBLIC KEY-----"
 MQ_ADDRESS="message-broker"
 MQ_MAX_PAYLOAD="1048576"
 
@@ -60,11 +62,11 @@ TASK_TIMEOUT="300"
 REFRESH_INTERVAL="60"
 
 IPFS_TIMEOUT="720" # seconds
-IPFS_PROVIDER="web3storage" # valid options: 'filebase', 'web3storage', 'local'
-IPFS_STORAGE_KEY="..." # only valid for web3storage provider; ignored in other cases
-IPFS_STORAGE_PROOF="..." # only valid for web3storage provider; ignored in other cases
-IPFS_PUBLIC_GATEWAY='https://{cid}.ipfs.w3s.link' # use this for public providers (filebase, web3storage, etc.)
-#IPFS_PUBLIC_GATEWAY='http://ipfs-node:8080/ipfs/{cid}' # use this for local provider
+IPFS_PROVIDER="local" # valid options: 'filebase', 'web3storage', 'local'
+IPFS_STORAGE_KEY="MgCbips6BrwUVX29/AI6OiFF9GUUIsBLp2IkZxjvSJD3f3+0BHSDMaF1YREFkQQ/K9bpn/5/aQCfHT4uJ1kYZ3GXPEUw=" # only valid for web3storage provider; ignored in other cases
+IPFS_STORAGE_PROOF="mAYIEAO4ROqJlcm9vdHOB2CpYJQABcRIgFFfOthryzfMbaVnOHZZOSLcZUPh6gCHK+OJyV4t+hOxndmVyc2lvbgHUAgFxEiCYAtkNFCeaicC0B8IsMVq05T8vu8M77Bzz4WtM2QfZRqhhc1hE7aEDQP9IoyRYRgTNr62qKqqw6p9fBymgMP1NTG7hBgBhfODK2NI10lSMXs8CxkPmWNzF2wtXzZVAOCibUh997CeCpwNhdmUwLjkuMWNhdHSBomNjYW5hKmR3aXRoeDhkaWQ6a2V5Ono2TWtvaDQ2RkNBdnJMcGk4WHl5cWdCUG1NVmIyZkpBVXk4VzU2YktLN1NORHhaQWNhdWRYLZ0abWFpbHRvOmVudmlzaW9uYmxvY2tjaGFpbi5jb206YWxleC5weWF0YWtvdmNleHD2Y2ZjdIGhZXNwYWNlomRuYW1laGd1YXJkaWFuZmFjY2Vzc6FkdHlwZWZwdWJsaWNjaXNzWCLtAYlBzAXtCgD4zxjdxdIHKiEbmtQqbdxM7pJO8Q2BOO9VY3ByZoDQAgFxEiDY64mqHb+a0dIKtVoym/tul6rFITNnqnjWbSknqPAAsahhc0SAoAMAYXZlMC45LjFjYXR0gaJjY2FuYSpkd2l0aGZ1Y2FuOipjYXVkWCLtASERq7XJwRXBrv/46B5x9Uq5e+BDS7N6vqJ+Wm82CL0pY2V4cPZjZmN0gaJuYWNjZXNzL2NvbmZpcm3YKlglAAFxEiDTLleW0qs7wWq/Z6RNPp4o4D2IxMStX+//5sFG2ckjZG5hY2Nlc3MvcmVxdWVzdNgqWCUAAXESIMhIhyarRFICo4QPDdOKDO8BNwHjXNTGaCqy0eHh4vEaY2lzc1gtnRptYWlsdG86ZW52aXNpb25ibG9ja2NoYWluLmNvbTphbGV4LnB5YXRha292Y3ByZoHYKlglAAFxEiCYAtkNFCeaicC0B8IsMVq05T8vu8M77Bzz4WtM2QfZRqcDAXESIAHN3A5bK5uArbsqBobEv1tdR4mok9Sd9kyxJHJEaqh2qGFzWETtoQNAYs0zUoxUiMTk7f/vy3M9zt9YepNy32hzTWMSudV9/W9Sob6zGsppV/h27zATBiGyI4FQq9qS9Fx+CN9OFBnIDGF2ZTAuOS4xY2F0dIGjYm5ioWVwcm9vZtgqWCUAAXESINjriaodv5rR0gq1WjKb+26XqsUhM2eqeNZtKSeo8ACxY2Nhbmt1Y2FuL2F0dGVzdGR3aXRoeBtkaWQ6d2ViOnVwLnN0b3JhY2hhLm5ldHdvcmtjYXVkWCLtASERq7XJwRXBrv/46B5x9Uq5e+BDS7N6vqJ+Wm82CL0pY2V4cPZjZmN0gaJuYWNjZXNzL2NvbmZpcm3YKlglAAFxEiDTLleW0qs7wWq/Z6RNPp4o4D2IxMStX+//5sFG2ckjZG5hY2Nlc3MvcmVxdWVzdNgqWCUAAXESIMhIhyarRFICo4QPDdOKDO8BNwHjXNTGaCqy0eHh4vEaY2lzc1gZnRp3ZWI6dXAuc3RvcmFjaGEubmV0d29ya2NwcmaAhggBcRIgddUIpAvhN2BjhQMSqBBXKI43WcqfV5rRKNM+kv/VrqmoYXNYRO2hA0B79mAftjYykI9kjXzCbBe69dtsPFko/FeMDXoN1P6+R3/GBdHFRFEaWVODZx+TiHubhc5RFiqMSjbltZX+JeUCYXZlMC45LjFjYXR0iaJjY2FuaGFzc2VydC8qZHdpdGh4OGRpZDprZXk6ejZNa29oNDZGQ0F2ckxwaThYeXlxZ0JQbU1WYjJmSkFVeThXNTZiS0s3U05EeFpBomNjYW5nc3BhY2UvKmR3aXRoeDhkaWQ6a2V5Ono2TWtvaDQ2RkNBdnJMcGk4WHl5cWdCUG1NVmIyZkpBVXk4VzU2YktLN1NORHhaQaJjY2FuZmJsb2IvKmR3aXRoeDhkaWQ6a2V5Ono2TWtvaDQ2RkNBdnJMcGk4WHl5cWdCUG1NVmIyZkpBVXk4VzU2YktLN1NORHhaQaJjY2FuZ2luZGV4Lypkd2l0aHg4ZGlkOmtleTp6Nk1rb2g0NkZDQXZyTHBpOFh5eXFnQlBtTVZiMmZKQVV5OFc1NmJLSzdTTkR4WkGiY2NhbmdzdG9yZS8qZHdpdGh4OGRpZDprZXk6ejZNa29oNDZGQ0F2ckxwaThYeXlxZ0JQbU1WYjJmSkFVeThXNTZiS0s3U05EeFpBomNjYW5odXBsb2FkLypkd2l0aHg4ZGlkOmtleTp6Nk1rb2g0NkZDQXZyTHBpOFh5eXFnQlBtTVZiMmZKQVV5OFc1NmJLSzdTTkR4WkGiY2NhbmhhY2Nlc3MvKmR3aXRoeDhkaWQ6a2V5Ono2TWtvaDQ2RkNBdnJMcGk4WHl5cWdCUG1NVmIyZkpBVXk4VzU2YktLN1NORHhaQaJjY2FuamZpbGVjb2luLypkd2l0aHg4ZGlkOmtleTp6Nk1rb2g0NkZDQXZyTHBpOFh5eXFnQlBtTVZiMmZKQVV5OFc1NmJLSzdTTkR4WkGiY2Nhbmd1c2FnZS8qZHdpdGh4OGRpZDprZXk6ejZNa29oNDZGQ0F2ckxwaThYeXlxZ0JQbU1WYjJmSkFVeThXNTZiS0s3U05EeFpBY2F1ZFgi7QEdIMxoXVhEQWRBD8r1umf/n9pAJ8dPi4nWRhncZc8RTGNleHD2Y2ZjdIGhZXNwYWNlomRuYW1laGd1YXJkaWFuZmFjY2Vzc6FkdHlwZWZwdWJsaWNjaXNzWCLtASERq7XJwRXBrv/46B5x9Uq5e+BDS7N6vqJ+Wm82CL0pY3ByZoLYKlglAAFxEiDY64mqHb+a0dIKtVoym/tul6rFITNnqnjWbSknqPAAsdgqWCUAAXESIAHN3A5bK5uArbsqBobEv1tdR4mok9Sd9kyxJHJEaqh2WQFxEiAUV862GvLN8xtpWc4dlk5ItxlQ+HqAIcr44nJXi36E7KFqdWNhbkAwLjkuMdgqWCUAAXESIHXVCKQL4TdgY4UDEqgQVyiON1nKn1ea0SjTPpL/1a6p" # only valid for web3storage provider; ignored in other cases
+#IPFS_PUBLIC_GATEWAY='https://{cid}.ipfs.w3s.link' # use this for public providers (filebase, web3storage, etc.)
+IPFS_PUBLIC_GATEWAY='http://ipfs-node:8080/ipfs/{cid}' # use this for local provider
 IPFS_NODE_ADDRESS="http://ipfs-node:5001" # only valid for local provider; ignored in other cases
 ANALYTICS_SERVICE="http://indexer-api-gateway:3021"
 #ANALYTICS_SERVICE_TOKEN="" # mandatory to be able to use the MGS indexer
@@ -86,6 +88,7 @@ MULTI_POLICY_SCHEDULER="0 0 * * *"
 # FEATURES
 # --------------
 BBS_SIGNATURES_MODE="WASM"
+# PYTHON_SANDBOX_MODE="pyodide" # "pyodide" (default) or "docker"
 # IMPORT_KEYS_FROM_DB=1
 # MQ_MESSAGE_CHUNK=5000000
 # RAW_REQUEST_LIMIT="1gb"
@@ -167,10 +170,11 @@ BLOCK_PRIVATE_IP="false"
 #Service secrets for auth between services
 # SERVICE_JWT_SECRET_KEY_ALL and SERVICE_JWT_PUBLIC_KEY_ALL are used for local development only
 # Recommended to create separate key pairs for each service
-SERVICE_JWT_PUBLIC_KEY_ALL="..."
-SERVICE_JWT_SECRET_KEY_ALL="..."
+SERVICE_JWT_SECRET_KEY_ALL="-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCk3t8tlNZ785e0\nJ+b5vvkPh0LJgbnYOFFIBksN80wFNxfjKg/T9bJ+RJZHSifoYnMd9yqTDHUndsFm\nJUL2So/Lt1p54uyYN2G4ERrU+MI2bcxc1kPa+F5hu8g8shgIQTE5vc6TtM6Ifw8R\njPmFEojCa7QtbePTnttsUdZOLl7vEyjmCW+L6vBHM0oL+D8MjxT48JH5hErtrnTp\nX4cBaZEq9x9hm6MKSWXoarMH74VpaBVfNuPRB7aqquT4g0+FWQ4eTltFlsPoQm8P\nMSxpX/h24wxUe/reYOCeVmkQTTSALrfeeoUlzT5UQNN36garSZBH9TOGXohn7O8+\nfep9augfAgMBAAECggEACACB4Cz6p1kgfPp4z+37GaFXgP8+XWZdBOa6oCqK/y/N\nhYAw9M6BLiFhvS5gtyXcGia5FsUChKVTaAPuoZSR28cs6YCK5Ne/SEHwRZ5DPYVh\nEgUblaumAmQCU8vTCxza6PII7jYBgNzQhuoK4Ztk2YbaX7VshYS5d/hAM1rgebBQ\n7ZRL4tQt02jD/XChzHibJtqLpM+5IoTIjE331vcycpadsg43UXQINO9I9EMl4TGb\nrEfGoTV0xiuPMJXCGt2XBL3tPkcWediT1KN5ZpvuIXu5smYMI8Fi+xUm38QfRJIE\n482cV8/dAEqdhnVrUG+yDkhbry31vRE2BsIxe+sJaQKBgQDRGNC+toA7wxYtu+vl\n/ppeHNCMdq/XEJ6iqKUYPHSTiLDsxvuij2WYm/t62p0/MhFm7fs2KhAv34tx6dOy\nqzpyFexLWG5kG3FMjNrKRclLv6HKv/sxpoYFkv08Rsv0wnWyEMrh2SscLLa0E64q\npFrOkpoUEN0yEaAYyOdfrrKtZwKBgQDJ2mcGPerjHxnz/PDRNLc3U2yBqogbNNxj\nTR8GDdt8JGG5/OMlwaVIBeER/AgEpkHcVuf79mVRn/iWf4M5mCKrdWaA2mRktv0T\nw3aPQYPBaBzFF1jkAfvEZ46C3omu9xjFzsXFqHJecyt9kCC6fbku3uRA6ODIOv50\nPzD7LaWEiQKBgQCVivDoJK/rjefTx527/O48NtF0VAIIhytdW83PWpVpWo5mmR0o\nsvPPRGeEAswJgW5ute8/Wq/+/RrG2pt8IfgH1eQMMu+oivPp8qcbmPORSDmXPtyR\nMu6RGAIi1ONTZqw0MMxY4C9z1ArLGXQrrSYArVqi1TjNcUuVzkGj7dZ+KwKBgDRW\nlfoPWfU0HkWeY07LjWoiDnN8pTfwt+hjmdS3CR8iS9iu0rL6iAGpzJceM3IJLfCU\n9Cfn1pOYmBtlyr/HS84Lbd2hQwC+VdanCvnQMfqXJUaRbDIKtZ5Sf6g9TZP5bAn2\nOF+s8qK82B0BnwrcCIU3tBWEjKw+Z7X6oJewWUeJAoGAFA9kJlRo8yFXb4GELlbd\nksuxdMQ5qsAoS4fQKEqGF/WbfvANh6lsUVpIsbbud6vftZTLmhGx2vkzjAvdIFDR\nUL5sJhUfvqgrfiLuPsW3Ik+MaR0rMIk93UztXvqGYW+7bQgblhujYHowh5iqoVPZ\nhZlUAa8O+l53H99w1y+n0+I=\n-----END PRIVATE KEY-----"
+SERVICE_JWT_PUBLIC_KEY_ALL="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApN7fLZTWe/OXtCfm+b75\nD4dCyYG52DhRSAZLDfNMBTcX4yoP0/WyfkSWR0on6GJzHfcqkwx1J3bBZiVC9kqP\ny7daeeLsmDdhuBEa1PjCNm3MXNZD2vheYbvIPLIYCEExOb3Ok7TOiH8PEYz5hRKI\nwmu0LW3j057bbFHWTi5e7xMo5glvi+rwRzNKC/g/DI8U+PCR+YRK7a506V+HAWmR\nKvcfYZujCkll6GqzB++FaWgVXzbj0Qe2qqrk+INPhVkOHk5bRZbD6EJvDzEsaV/4\nduMMVHv63mDgnlZpEE00gC633nqFJc0+VEDTd+oGq0mQR/Uzhl6IZ+zvPn3qfWro\nHwIDAQAB\n-----END PUBLIC KEY-----"
+
 # set QM_VERIFICATION to false to disable message verification and signing
-# QM_VERIFICATION=false
+QM_VERIFICATION=false
 
 #Integrations tokens
 KANOP_IO_AUTH_TOKEN="..."