# Onli Support — Complete Documentation
> Concatenated raw markdown for every documentation page on https://onli.support.
> Each section header is the canonical URL of that page.
---
# Source: https://onli.support/api-reference/flows/
---
title: "API Flows"
description: "Popular sequences of gRPC API requests for common Onli Platform workflows - from issuing assets to changing ownership and authentication patterns."
author: "Onli Documentation Team"
date: "2024-01-15"
---
# API Flows
This section documents the most commonly used sequences of gRPC API requests for typical Onli Platform workflows. These flows represent real-world usage patterns that help you understand how the various API calls work together to accomplish common tasks.
## Overview
The Onli Platform API flows are organized into three main levels of complexity:
- **Level 1**: Basic asset issuance to your first owner
- **Level 2**: Asset ownership transfer between owners
- **Level 3**: Authentication and authorization patterns
Each flow builds upon the previous level, creating a comprehensive understanding of how to work with the Onli Platform APIs in practice.
---
## Level 1: Issue to Your First Owner
This flow covers the complete process of creating an owner and issuing your first asset to them. This is typically the starting point for any Onli Platform integration.
### Prerequisites
- Onli Cloud instance configured
- Valid API credentials
- iOS device for testing (OnliYou app)
### Step-by-Step Flow
#### 1. Create Owner
```grpc
CreateOwner RPC
```
**Purpose**: Create a new owner account in the system
**Required**: Owner credentials and basic profile information
#### 2. OnliYou App Setup
- Download OnliYou app from App Store
- Turn on developer mode in iOS settings
- Add `deployment_subdomain` and credentials to verify user
- Initialize vault in iOS app
#### 3. Verify User Status
- Check status of user in Onli Cloud web app
- Ensure user status shows as "active"
- Verify vault initialization completed successfully
#### 4. Issue Asset
```grpc
Issue RPC
```
**Purpose**: Create and deliver the first asset to the owner
**Parameters**: Asset definition, owner ID, initial metadata
#### 5. Verification Steps
- View package received in iOS app (OnliYou)
- Check Oracle to verify ownership of newly issued assets (web app)
- Direct owner to Auth Log in iOS app to show event (no entry yet at this stage)
### Expected Outcomes
- Owner successfully created and active
- OnliYou app configured and vault initialized
- Asset successfully issued and received
- Oracle confirms ownership record
- Event logged in OnliYou app
---
## Level 2: Change Ownership of Assets to Second Owner
This flow demonstrates how to transfer asset ownership between two owners, including the request/response pattern that ensures secure transfers.
### Prerequisites
- Completed Level 1 flow (first owner with assets)
- Second owner account ready to be created
### Step-by-Step Flow
#### 1. Create Second Owner
```grpc
CreateOwner RPC
```
**Requirement/Dependency**: Must have a second owner before transfer can occur
**Note**: This owner will be the recipient of the asset transfer
#### 2. Initiate Transfer Request
```grpc
AskToMoveStream RPC
```
**Purpose**: Request permission from current owner to transfer asset
**Target**: Send request to the first owner (current asset holder)
**Parameters**: Asset ID, source owner, destination owner
#### 3. Owner Accepts Transfer
- First owner receives AskToMove request notification in OnliYou app
- Owner reviews transfer details and accepts the request
- System generates `asktomoveid` for the approved transfer
#### 4. Monitor Transfer Status
- Onli Cloud UX shows request status progression:
- a) Request sent
- b) Request accepted
- c) `asktomoveid` stored for subsequent RPC request
#### 5. Execute Ownership Change
```grpc
ChangeOwner RPC
```
**Purpose**: Execute the actual ownership transfer
**Required Parameter**: `asktomoveid` from step 4
**Process**: System updates ownership records and transfers asset
#### 6. Verification Steps
- Check Oracle to verify ownership of assets moved
- Confirm new owner appears in ownership records
- Verify old owner no longer has asset access
- Direct both owners to Auth Log in iOS app to show transfer events
### Expected Outcomes
- Second owner successfully created
- Transfer request sent and accepted
- Asset ownership successfully changed
- Oracle reflects new ownership
- Transfer events logged for both owners
---
## Level 3: Authentication & Authorization
This advanced flow covers the authentication and authorization patterns that enable secure interactions between appliances and owners.
## Authentication Flow
### Owner Authentication
This sub-flow demonstrates how to authenticate an existing owner for secure operations.
#### 1. Initiate Authentication
```grpc
AuthenticateOwner RPC (stream, 60-second limit)
```
**Purpose**: Verify owner identity for secure operations
**Target**: Existing user with active vault
**Time Limit**: 60-second stream timeout for security
#### 2. Owner Response Handling
- Owner receives authentication notification in OnliYou app
- Owner can accept or deny the authentication request
- System maintains secure session during decision period
#### 3. Complete Authentication
- Onli Cloud web app displays authentication response
- Stream ends automatically after response or timeout
- Authentication result logged for audit purposes
#### 4. Verification
- Direct owner to Auth Log in iOS app to show authentication event
- Verify authentication event recorded with timestamp and result
## Authorization Flow
### Behavior Authorization
This sub-flow shows how to authorize specific behaviors or actions for an authenticated owner.
#### 1. Setup User Class and Behavior
- Use appliance tray to create user class definition
- Define specific user behavior example
- Configure permission parameters and constraints
#### 2. Initiate Authorization
```grpc
AuthorizeBehavior RPC (stream)
```
**Purpose**: Request permission for specific behavior/action
**Target**: Authenticated owner
**Parameters**: Behavior definition, permission scope, duration
#### 3. Owner Authorization Response
- Owner receives behavior authorization notification in OnliYou app
- Owner reviews requested permissions and behavior details
- Owner can accept or deny the authorization request
#### 4. Complete Authorization
- Onli Cloud web app displays authorization response
- Stream ends after owner response
- Authorization permissions activated if approved
#### 5. Verification
- Direct owner to Auth Log in iOS app to show authorization event
- Verify behavior permissions are properly configured
- Test authorized behavior to ensure it works as expected
### Expected Outcomes
- Owner successfully authenticated
- User class and behavior properly defined
- Authorization request sent and processed
- Permissions activated for approved behaviors
- All auth events logged and auditable
## Next Steps
After mastering these flows, explore:
- [Buf.Build Integration](/api-reference/buf-build) for protocol definitions
- [Postman Collection](/api-reference/postman) for interactive testing
- [Requirements](/api-reference/requirements) for setup prerequisites
For technical support with implementing these flows, contact our integration team.
---
# Source: https://onli.support/api-reference/onli-cloud-api/
---
title: "Onli Cloud API"
---
# Onli Cloud API
The Onli Cloud API provides the compute, storage, networking, database, and platform services you need to interact with Owners on the Onli_One Network. Onli Cloud Services is a functions-as-a-service platform that, upon an authenticated request, creates Owners (Onli_ID), asks owners to move assets (AskToMove), hosts the master Oracle, and hosts Treasury Vault where Assets are held for issuance to Owners (Issue).
> Onli Cloud API refers to the [Onli Cloud RPC Service](https://buf.build/onlicorp/onli-cloud) and has it's own url separate and distinct from Onli ID Owner Services.
Treasury is an Onli-Cloud service that stores, defines and issues genomes. The Treasury Vault manages asset issuance and distribution of genomes across the Onli_One network.
- [Onli Cloud API Buf.Build Protocol Buffers](https://buf.build/onlicorp/onli-cloud) - Complete protocol buffer definitions
- [Onli Cloud API Postman Collection](https://www.postman.com/onlicorp/onli/collection/6797acdc69c951396fe48843) - Interactive examples
## Issue
Issue appliance assets from the Treasury Vault to any member of your Appliance. Issuance incurs a one-time issuance fee of $0.05 USD per asset. The issuance fee is billed to the admin developer account.
Issue genomes from the treasury to an owner. You can issue using either amount as input or onli_ids. When onli_ids are provided, the amount parameter is ignored.
**Resources:** [Proto](https://buf.build/onlicorp/onli-cloud/docs/main:onliCloudApi#onliCloudApi.OnliCloudApi.Issue) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/6797b08509772940939b7c64)
### `IssueInput`
| Field | Description |
|-------|-------------|
| `to` | Recipient user ID for the asset issuance |
| `app_symbol` | Your App Symbol |
| `amount` | Total face value to issue - ignored if onli_ids provided |
| `which_device` | Destination vault type: "cloud" or "mobile" |
| `onli_ids` | Array of specific genome IDs to issue (optional, overrides amount) |
### `IssueResponse`
| Field | Description |
|-------|-------------|
| `issue_id` | Unique identifier for this issuance transaction |
| `issued_at` | Unix timestamp when the issue was processed |
| `owner_changed_at` | Unix timestamp when ownership was transferred |
| `delivered_at` | Unix timestamp when assets were delivered to recipient |
| `pkg_tag` | Package identifier for tracking the delivered assets |
### Example Request
```json
{
"to": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"app_symbol": "ENGMA",
"amount": "3000",
"which_device": "desktop"
}
```
### Example Response
```json
{
"issue_id": "d8042a84-5663-4cb2-94f7-aa61b581f320",
"issued_at": "1741701330",
"owner_changed_at": "1741701331",
"delivered_at": "1741701331",
"pkg_tag": "f608bcd5-4acb-49db-b288-54ea66800af0"
}
```
### Issuance Options
| Method | Description | Use Case |
|--------|-------------|----------|
| **Amount-Based** | Specify total face value to issue | When you need a specific face value total |
| **ID-Based** | Specify exact genome IDs (individual files) | When you need specific genomes by ID |
### Genus determines how `amount` is interpreted
| Genus | Face Value | Amount Relationship | Example |
|-------|------------|-------------------|---------|
| **Symmetric** | `one` | Amount = genome count | `"amount": "21"` = 21 genome files (each face value 1) |
| **Series** | `one` | Amount = genome count | `"amount": "21"` = 21 genome files (each face value 1) |
| **Denomination** | metric denomination | Amount != genome count | `"amount": "21"` = 3 files (face values sum to 21, e.g., 10+10+1) |
> **Issuance Fee**: $0.05 USD per genome asset issued
## AskToMove
Only an Owner can move an issued Asset. AskToMove is an authenticated request from an Appliance to an asset Owner to move a specified amount of Assets from an Onli_You vault to an appliance settlement locker for the purposes of settlement.
AskToMove workflow is a bi-directional stream used to ask an owner to move their genomes to their locker which can then be used with ChangeOwner to transfer to another owner's locker. This request is initiated by a master and a notification is sent to the owner. The owner can either accept or deny the request; only accepted requests will pack genomes and move them to the settlement locker. Assets that remain in a settlement locker and have not changed ownership in a discrete time window will automatically be returned to the original owner's cloud vault.
**Resources:** [Proto](https://buf.build/onlicorp/onli-cloud/docs/main:onliCloudApi#onliCloudApi.OnliCloudApi.AskToMoveStream) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/6797b49b412d99eb59e7f303)
### `AskToMoveReq`
| Field | Description |
|-------|-------------|
| `add_settle_time` | Additional settlement time in hours (e.g., "0" for default) |
| `amount` | Total face value of assets to move |
| `app_symbol` | Your App Symbol |
| `note` | Notification details for the Owner |
| `behavior` | Behavior type for the request (e.g., `move`) |
| `body` | Message body explaining the request to the Owner |
| `to` | Target Owner user ID to receive the move request |
### `AskToMoveRecord`
| Field | Description |
|-------|-------------|
| `ask_to_move_id` | Unique identifier for this move request |
| `pkg_tag` | Package identifier for tracking the assets |
| `to` | Target Owner user ID |
| `note` | Notification details sent to the Owner |
| `behavior` | Behavior type for the request |
| `body` | Message body sent to the Owner |
| `amount` | Total face value of assets requested to move |
| `app_symbol` | Your App Symbol |
| `asset_balance` | Owner's current asset balance (cloud vault only) |
| `notified_at` | Unix timestamp when Owner was notified |
| `status` | Current status of the request (e.g., "OPEN", ) |
| `expires_at` | Unix timestamp when the request expires |
| `behavior_status` | Boolean indicating if behavior is authorized |
| `authorization_status` | Boolean indicating if request is authorized |
| `auth_log_id` | Authentication log identifier for this request |
### Example Request
```json
{
"add_settle_time": "0",
"amount": "1",
"app_symbol": "ENGMA",
"note": {
"behavior": "move",
"body": "Accept ask to move request from ENGMA"
},
"to": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450"
}
```
### Example Response
```json
{
"ask_to_move_id": "61c81618-1455-41c6-b5b9-6a1d04be5612",
"pkg_tag": "f608bcd5-4acb-49db-b288-54ea66800af0",
"to": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"note": {
"behavior": "move",
"body": "Accept ask to move request from ENGMA"
},
"amount": "1",
"app_symbol": "ENGMA",
"asset_balance": "2008",
"notified_at": "1741866953",
"status": "OPEN",
"expires_at": "1757634953",
"behavior_status": true,
"authorization_status": true,
"auth_log_id": "auth-d8042a84-5663-4cb2-94f7-aa61b581f320"
}
```
### Stream Workflow
| Step | Action | Description |
|------|--------|-------------|
| **1. Request** | Appliance sends AskToMoveReq | Initiates the move request with Owner details |
| **2. Notification** | Owner receives notification | Owner is notified via their Onli_You app |
| **3. Response** | Owner accepts/denies | Owner decides whether to approve the move |
| **4. Record** | System returns AskToMoveRecord | Contains request status and tracking information |
| **5. Settlement** | Assets move to locker | If accepted, assets move to settlement locker for the agreed settlement time window; Next step is ChangeOwner rpc |
| **6. Timeout** | Auto-return if unused | Assets return to Owner if not used for ChangeOwner |
### Request Status Values
| Status | Description | Next Steps |
|--------|-------------|------------|
| **ASKED** | Message sent to target owner | Wait for Owner response within 60 seconds |
| **DENIED** | Target owner has denied the request | Request closed, no asset movement |
| **OPEN** | Target owner has accepted the request | Assets available for ChangeOwner |
| **ASKED_EXPIRED** | Target owner did not respond within 60sec window | Request automatically expired |
| **OPEN_EXPIRED** | ChangeOwner did not occur in agreed settlement time window | Package returned to target owner |
| **CLOSED** | Package of genomes has successfully changed ownership | Transfer completed successfully |
| **HOLD** | Administrative block on status change of package | Contact support for resolution |
| **RETURNED** | Master triggered return of package to target owner | Assets returned to original owner |
| **FAILED** | Request failed due to system error | Retry request or contact support |
### Settlement Locker Behavior
- **Purpose**: Temporary holding area for assets during change of ownership
- **Access**: Only accessible for ChangeOwner operations
- **Visibility**: Owners can view, but not alter or change, the contents of their settlement locker
- **Timeout**: Assets automatically return to Owner if not used within time window
### Next Steps
After successfully initiating an AskToMove request:
1. Monitor the `ask_to_move_id` for status updates; use GetAskToMoveRecord to retrieve the status
2. Use the `ask_to_move_id` with ChangeOwner to complete the transfer
## ChangeOwner
ChangeOwner is an authenticated request to change the Owner of Onli. ChangeOwner results in Genome Editing.
Only Assets in a settlement locker can be accessed by the Transfer Agent. This results in genome editing. Genome editing can only be executed by the Transfer Agent inside the trusted execution environment of Onli_One. The request to change an owner while it is a request from an Appliance, this request must be authorized by an Owner. To obtain this authorization, an AskToMove is a prerequisite.
**Resources:** [Proto](https://buf.build/onlicorp/onli-cloud/docs/main:onliCloudApi#onliCloudApi.OnliCloudApi.ChangeOwner) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/6797ba0a09772940939b8d3f)
**Prerequisites:** Valid `ask_to_move_id` from a completed AskToMove request with status "OPEN", sender and recipient user IDs, and target device type.
### `ChangeOwnerInput`
| Field | Description |
|-------|-------------|
| `from` | Current source and owner user ID (current Owner of the assets) |
| `to` | Recipient destination and owneruser ID (next Owner of the assets) |
| `ask_to_move_id` | Valid AskToMove request ID with "OPEN" status |
| `app_symbol` | Your App Symbol |
| `amount` | Total face value of assets to transfer (must match the amount in the AskToMove request) |
| `which_device` | Destination vault type: "cloud" or "mobile" |
### `ChangeOwnerResponse`
| Field | Description |
|-------|-------------|
| `ask_to_move_id` | The AskToMove request ID that was processed |
| `evolve_id` | Unique identifier for the Transfer Agent's genome editing operation |
| `received_at` | Unix timestamp when request was received |
| `owner_evolved_at` | Unix timestamp when ownership change was processed |
| `delivered_at` | Unix timestamp when assets were delivered to new Owner |
### Example Request
```json
{
"from": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"to": "usr-d7da6d6a-4ab1-53f4-a599-51f97840aa93",
"ask_to_move_id": "61c81618-1455-41c6-b5b9-6a1d04be5612",
"app_symbol": "ENGMA",
"amount": 1,
"which_device": "desktop"
}
```
### Example Response
```json
{
"ask_to_move_id": "61c81618-1455-41c6-b5b9-6a1d04be5612",
"evolve_id": "5487fa89-b0ca-47ec-a582-79a5ee61d808",
"received_at": "1742211777",
"owner_evolved_at": "1742211777",
"delivered_at": "1742211778"
}
```
### Process Flow
1. **Prerequisite Check**: Validates AskToMove request has "OPEN" status
2. **Asset Access**:Logistics Ageng moves assets from settlement locker to Transfer Agent
3. **Genome Editing**: Secure evolution of genome ownership records
4. **Ownership Transfer**: Updates Oracle with new ownership oracle helices
5. **Asset Delivery**: Delivers assets to recipient's specified device vault or locker if recipient owner does not have an active vault
6. **Completion**: Updates AskToMove status to "CLOSED"
### Idempotency & Retry Semantics
ChangeOwner uses **server-driven deduplication** anchored on `ask_to_move_id`. There is no client-supplied idempotency key, header, or replay token — the AskToMove record's status is the dedup mechanism.
**Contract:**
- Every AskToMove generates a unique, server-issued `ask_to_move_id`. IDs are never reused.
- A successful ChangeOwner transitions the corresponding AskToMove record from `OPEN` to `CLOSED`.
- A second ChangeOwner with the same `ask_to_move_id` fails the prerequisite check and returns:
```
Code: Unauthenticated
Err: askToMoveRecord.Status is not open
```
- The original `ChangeOwnerResponse` (`evolve_id`, `received_at`, `owner_evolved_at`, `delivered_at`) is **not replayed** on the second call. The `evolve_id` is also **not recoverable from `AuthLog`** — `AuthLog` only captures the AskToMove event and the Owner's approval, not the ChangeOwner response. Clients must persist the response from the first successful call.
- The same `Unauthenticated` error covers any non-`OPEN` status, not just `CLOSED`. Inspect `AskToMoveRecord.status` to distinguish "already done" (`CLOSED`) from "no longer actionable" (`DENIED`, `ASKED_EXPIRED`, `OPEN_EXPIRED`, `RETURNED`, `HOLD`, `FAILED`).
**Retry guidance:**
For the full error catalog, see the [proto definition](https://buf.build/onlicorp/onli-cloud/docs/main:onliCloudApi#onliCloudApi.OnliCloudApi.ChangeOwner). The table below summarises which classes are safe to retry.
| Error class | Safe to retry? | Notes |
|-------------|----------------|-------|
| `Unavailable` (any client) | Yes | Transient connectivity. Retry with exponential backoff. AskToMove record state is unchanged |
| `Internal` before `EvolveOwner` (e.g. `GetAskToMoveRecord`) | Yes | No state change. Retry |
| `Internal` inside `EvolveOwner` | Conditional | Ownership may have partially transitioned depending on which sub-step failed. Call `GetAskToMoveRecord` and `RevealGenomes` to determine actual state before retrying. If `RevealGenomes` shows the recipient already owns the genomes, the transfer succeeded — do not retry |
| `Internal` `unable to CloseAskToMove` | Conditional | Runs after `EvolveOwner`. The ownership change may have completed even though the AskToMove record was not flipped to `CLOSED`. Reconcile via `GetAskToMoveRecord` and `RevealGenomes` before retrying |
| `Unauthenticated` `askToMoveRecord.Status is not open` | No | Terminal. If status is `CLOSED`, a prior ChangeOwner already succeeded — treat as success. For any other status, a new AskToMove is required |
| `Unauthenticated` `invalid pkg` | No | Package failed validation. A new AskToMove is required |
| `InvalidArgument` (validation, amount mismatch) | No | Fix the request before resubmitting |
**AskToMove side:** AskToMove is *not* idempotent on the request side. Each call generates a new `ask_to_move_id` and sends a fresh notification to the Owner. To check the state of an existing request without renotifying, use `GetAskToMoveRecord` rather than re-issuing the AskToMove.
---
## AuthenticateOwner
AuthenticateOwner is an Onli_ID RPC that authenticates owners on the Onli_One network using our patented authentication system. Since Owners control their Owner_Object, their express permission must be requested to use their credentials. Authentication is an Onli_ID transaction that results in the editing of Genes.
The method operates as a bi-directional stream request from a master to an owner, staying open for a 60-second interval before expiring. When initiated, the owner receives a notification in their OnliYou app and can accept or deny the request. Accepting the request authenticates the owner and returns their cloud vault asset balance to the master. For more detailed asset information, masters can use the AskAssetBalance method with the owner's authorization.
AuthenticateOwner supports 3 different methods of authentication:
- **basic**: Uses the owner's gene to authenticate
- **reverse-mfa**: Uses the owner's gene to authenticate alongside a master generated string for the owner to input during acceptance
- **reverse-hash**: Uses the owner gene to authenticate alongside a master generated nonce for the gene to sample during acceptance (Note: reverse hash will be available in a future update)
The server will select authentication method based on the input request. Onli Cloud marks the authenticate_owner_record as ASKED at init. If the owner accepts then it will be marked as ACCEPTED. Else if the owner denies then it will be marked as DENIED. Else if the owner doesn't respond within the 60-second interval then it will be marked as EXPIRED.
**Resources:** [Proto](https://buf.build/onlicorp/onli-cloud/docs/main:onliCloudApi#onliCloudApi.OnliCloudApi.AuthenticateOwner) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/679a51dbde5f880cbcd757b9)
**Prerequisites:** Target Owner `user_id`, `app_symbol`, authentication message body, and optionally a `rev_string` for reverse-mfa authentication. The onus is on the master to share the `rev_string` with the owner, if this authentication method is used.
### `AuthenticateOwnerReq`
| Field | Description |
|-------|-------------|
| `owner` | Target Owner user ID to authenticate |
| `app_symbol` | Your App Symbol |
| `body` | Message body explaining the authentication request to the Owner |
| `rev_string` | Master generated string for reverse-mfa authentication (optional) |
### `AuthenticateOwnerRecord`
| Field | Description |
|-------|-------------|
| `owner` | Target Owner user ID that was authenticated |
| `auth_log_id` | Unique identifier for this authentication log entry |
| `authentication_status` | Authentication result status (e.g., "AuthenticationStatusACCEPTED") |
| `auth_type` | Authentication method used (e.g., "BASIC", "REVERSE_MFA") |
| `rev_string` | Master generated string (if reverse-mfa was used) |
| `app_symbol` | Your App Symbol |
| `body` | Message body that was sent to the Owner |
| `asset_balance` | Owner's current asset balance |
### Authentication Methods
| Method | Description | Use Case | Requirements |
|--------|-------------|----------|--------------|
| **BASIC** | Uses owner's gene only | Simple authentication | Owner user ID only |
| **REVERSE_MFA** | Gene + master string | Enhanced security | Owner user ID + rev_string |
| **REVERSE_HASH** | Gene + master nonce | Advanced security | Not currently supported |
### Example Request (Basic Authentication)
```json
{
"owner": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"app_symbol": "ENGMA",
"body": "Please Confirm Request to Authenticate from ENGMA"
}
```
### Example Response (Basic Authentication)
```json
{
"owner": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"auth_log_id": "auth-log-19a0d6a8-f8b3-4f7d-9676-d6651d8db8c0",
"authentication_status": "AuthenticationStatusACCEPTED",
"auth_type": "BASIC",
"rev_string": "",
"app_symbol": "ENGMA",
"body": "Please Confirm Request to Authenticate from ENGMA",
"asset_balance": "8165210"
}
```
### Example Request (Reverse-MFA Authentication)
```json
{
"owner": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"app_symbol": "ENGMA",
"body": "Please Confirm Request to Authenticate from ENGMA",
"rev_string": "96"
}
```
### Example Response (Reverse-MFA Authentication)
```json
{
"owner": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"auth_log_id": "auth-log-19a0d6a8-f8b3-4f7d-9676-d6651d8db8c0",
"authentication_status": "AuthenticationStatusACCEPTED",
"auth_type": "REVERSE_MFA",
"rev_string": "96",
"app_symbol": "ENGMA",
"body": "Please Confirm Request to Authenticate from ENGMA",
"asset_balance": "51"
}
```
### Authentication Status Values
| Status | Description | Meaning |
|--------|-------------|---------|
| **ASKED** | Authentication request initiated | Waiting for Owner response |
| **ACCEPTED** | Owner approved authentication | Authentication successful |
| **DENIED** | Owner rejected authentication | Authentication failed |
| **EXPIRED** | Owner did not respond within time limit | Authentication timed out |
### Stream Behavior
- **Bi-directional**: Real-time communication between Appliance and Owner
- **Time-limited**: Stream expires after 60-second interval
- **Auto-close**: Stream automatically closes after Owner response or timeout
- **Real-time**: Owner receives immediate notification in Onli You app
### Next Steps
After successfully authenticating an Owner:
1. Use the `auth_log_id` to track the authentication event
2. Store the authentication status for your application's security logic
3. Proceed with authenticated operations using the confirmed Owner identity
4. Use AuthLog method to retrieve detailed authentication records if needed
5. Implement timeout handling for EXPIRED authentication attempts
## AuthorizeBehavior
AuthorizeBehavior is a bi-directional stream that masters use to confirm explicit behaviors from owners. Much like AuthenticateOwner, the owner will receive a notification in their OnliYou app to authorize a behavior by either accepting or denying the request. It is a feature of a capability-based authorization system; owners must explicitly authorize behaviors before they can be executed, and only behaviors granted to them by the appliance owner can be executed. The behaviors are a master created array of strings that can be configured with the appliance tray APIs. Move is the first available behavior by default on every appliance.
**Resources:** [Proto](https://buf.build/onlicorp/onli-cloud/docs/main:onliCloudApi#onliCloudApi.OnliCloudApi.AuthorizeBehavior) + [Example](https://www.postman.com/onlicorp/onli/grpc-request/679a55540979325625ad5613)
**Prerequisites:** Target Owner `user_id`, `app_symbol`, specific behavior to authorize, and message body explaining the authorization request.
### `AuthorizeBehaviorReq`
| Field | Description |
|-------|-------------|
| `owner` | Target Owner user ID to authorize behavior for |
| `app_symbol` | Your App Symbol |
| `note` | Authorization details for the Owner |
| `behavior` | Specific behavior requesting authorization (e.g., "login", "move") |
| `body` | Message body explaining the authorization request to the Owner |
### `AuthorizeBehaviorRecord`
| Field | Description |
|-------|-------------|
| `owner` | Target Owner user ID that was asked for authorization |
| `auth_log_id` | Unique identifier for this authorization log entry |
| `authentication_status` | Authorization result status (e.g., "AuthenticationStatusACCEPTED") |
| `app_symbol` | Your App Symbol |
| `note` | Authorization details that were sent to the Owner |
| `behavior` | Specific behavior that was authorized |
| `body` | Message body that was sent to the Owner |
### Example Request
```json
{
"owner": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"app_symbol": "ENGMA",
"note": {
"behavior": "login",
"body": "Please Confirm Request to Authorize from ENGMA"
}
}
```
### Example Response
```json
{
"owner": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"auth_log_id": "auth-log-19a0d6a8-f8b3-4f7d-9676-d6651d8db8c0",
"authentication_status": "AuthenticationStatusACCEPTED",
"app_symbol": "ENGMA",
"note": {
"behavior": "login",
"body": "Please Confirm Request to Authorize from ENGMA"
}
}
```
### Default Behaviors
| Behavior | Description | Availability |
|----------|-------------|--------------|
| **move** | Asset movement operations | Default on every appliance |
| **BEHAVIOR** | Any desired appliance behavior | Configurable via Appliance Tray APIs |
### Behavior Configuration
- **Appliance Tray APIs**: Use to configure custom user_behaviors and user_classes for your appliance
- **User Type Requirement**: Behavior must exist under the user class in Onli ID, and the owner must be of that user class (set in the Owner Object, see UpdateOwner and CreateOwner)
- **Master Control**: App developers create and manage behavior arrays alongside user_classes
### Authorization Status Values
| Status | Description | Meaning |
|--------|-------------|---------|
| **ASKED** | Authorization request initiated | Waiting for Owner response |
| **ACCEPTED** | Owner approved behavior | Authorization successful |
| **DENIED** | Owner rejected behavior | Authorization failed |
| **EXPIRED** | Owner did not respond within time limit | Authorization timed out |
### Next Steps
After successfully authorizing a behavior:
1. Use the `auth_log_id` to track the authorization event
2. Store the authorization status for your application's permission logic
3. Execute the authorized behavior with confirmed Owner permission
4. Use AuthLog method to retrieve detailed authorization records if needed
5. Configure additional behaviors via Appliance Tray APIs as needed
---
## AuthLog
Owners possess an immutable chain of all transactions with their Gene stored in the Onli_ID AuthLog. This log is an accounting method to gather request and response data from a specific appliance-owner Onli_ID event. Masters have access to auth log events that they've triggered through this API method; Owners possess their own auth log inside of their Onli You app.
Utilize accounting by retrieving a specific auth log entry to review the complete request and response data for any authentication or authorization event.
**Resources:** [Proto](https://buf.build/onlicorp/onli-cloud/docs/main:onliCloudApi#onliCloudApi.OnliCloudApi.AuthLog) + [Example](https://www.postman.com/onlicorp/onli/grpc-request/679a4c2bde5f880cbcd74d36)
**Prerequisites:** `app_symbol` and `auth_log_id` from a previous authentication or authorization event.
### `AuthLogRequest`
| Field | Description |
|-------|-------------|
| `app_symbol` | Your App Symbol |
| `auth_log_id` | Unique identifier for the auth log entry to retrieve |
### `AuthLogResponse`
| Field | Description |
|-------|-------------|
| `AuthLogId` | The auth log identifier that was requested |
| `TS` | Unix timestamp (nanoseconds) when the event occurred |
| `WhichSecurityMethod` | Security method used (e.g., "ask_to_move_stream", "authenticate_owner") |
| `WhichAppliance` | App symbol of the appliance that triggered the event |
| `GeoData` | Geographic data for the event (may be null) |
| `Request` | JSON string containing the original request data |
| `Response` | JSON string containing the original response data |
| `Err` | Error message if the event failed (empty string if successful) |
### Example Request
```json
{
"app_symbol": "ENGMA",
"auth_log_id": "auth-log-19a0d6a8-f8b3-4f7d-9676-d6651d8db8c0"
}
```
### Example Response
```json
{
"AuthLogId": "auth-log-19a0d6a8-f8b3-4f7d-9676-d6651d8db8c0",
"TS": "1738763781676826463",
"WhichSecurityMethod": "ask_to_move_stream",
"WhichAppliance": "ENGMA",
"GeoData": null,
"Request": "{ \"to\": \"usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450\", \"note\": { \"behavior\": \"move\", \"body\": \"Accept ask to move request from ENGMA\" }, \"app_symbol\": \"ENGMA\", \"amount\": 1 }",
"Response": "{ \"ask_to_move_id\": \"61c81618-1455-41c6-b5b9-6a1d04be5612\", \"pkg_tag\": \"e484868e-89db-406e-882f-321e9341977c\", \"to\": \"usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450\", \"note\": { \"behavior\": \"move\", \"body\": \"Accept ask to move request from ENGMA\" }, \"amount\": 1, \"app_symbol\": \"ENGMA\", \"asset_balance\": 8, \"notified_at\": 1738763619, \"status\": 3, \"expires_at\": 1754531619, \"behavior_status\": true, \"authorization_status\": true, \"auth_log_id\": \"auth-log-19a0d6a8-f8b3-4f7d-9676-d6651d8db8c0\" }",
"Err": ""
}
```
### Security Methods Logged
| Method | Description | Log Contains |
|--------|-------------|--------------|
| **ask_to_move_stream** | Asset movement requests | AskToMove request/response data |
| **authenticate_owner** | Owner authentication events | Authentication request/response data |
| **authorize_behavior** | Behavior authorization events | Authorization request/response data |
| **issue** | Asset issuance events | Issue request/response data |
| **change_owner** | Ownership transfer events | ChangeOwner request/response data |
### Immutable Chain Properties
- **Immutable**: Auth log entries cannot be modified or deleted
- **Complete Record**: Contains full request and response JSON data
- **Timestamp Precision**: Nanosecond-level timestamp accuracy
- **Access Control**: Masters can only access logs they triggered
- **Owner Access**: Owners have complete access via OnliYou app
### Data Format
- **Request/Response Fields**: Stored as JSON strings for complete data preservation
- **Timestamp Format**: Unix nanoseconds for precise event timing
- **Error Tracking**: Empty string indicates successful operation
- **Geographic Data**: May include location information (optional)
### Use Cases
| Purpose | Description | Benefits |
|---------|-------------|----------|
| **Audit Trail** | Track all authentication/authorization events | Compliance and security monitoring |
| **Debugging** | Review failed transactions and error details | Troubleshooting integration issues |
| **Analytics** | Analyze usage patterns and security events | Business intelligence and optimization |
| **Compliance** | Maintain records for regulatory requirements | Legal and regulatory compliance |
### Next Steps
After successfully retrieving an auth log:
1. Parse the Request and Response JSON strings for detailed analysis
2. Use the timestamp for chronological event tracking
3. Check the Err field for any error conditions that occurred
4. Store relevant information for your application's audit requirements
5. Use the security method information to categorize different event types
---
## Oracle
The Oracle is a database registry that keeps a record of the state of each genome across the system. The Oracle serves as evidence of the source of truth for the state of genomes across the network and maintains the record of ownership for each asset class you hold.
### Access Control & Visibility
The Oracle operates under different access policies depending on the deployment environment:
#### Developer Instances
- The `revealGenomes` RPC is available to developers only
- Oracle data is private by default and viewable to developers for learning and understanding how Onli works
- Intended for development, testing, and educational purposes
#### Production Instances
- The Oracle is only viewable between Owners
- Oracle registry views are triggered by and authorized by the genome owners with a use policy (who, when, how long)
- Access requires explicit owner authorization and follows strict permission controls
#### Custom Production Instances
- Can be configured to use the Oracle at the developer's discretion
- This is not the normal configuration and requires specific setup
- Provides flexibility for specialized deployment scenarios
### RevealGenomes
Returns oracle helix records for a specified owner. This method provides detailed genome state information including ownership history, asset details, and current status.
**Resources:** [Proto](https://buf.build/onlicorp/onli-cloud/docs/main:onliCloudApi#onliCloudApi.OnliCloudApi.RevealGenomes)
### `RevealGenomesInput`
| Field | Description |
|-------|-------------|
| `search_condition` | The column to search (supports * as wildcard, leave empty for no search) |
| `search_keyword` | Regex supported search query (e.g., "^one\|kilo$") |
| `limit` | Maximum number of records to return (e.g., "1000") |
| `offset` | Number of records to skip (e.g., "0") |
| `sort_by` | Column to sort by (leave empty for no sorting) |
| `sort_order` | Sort direction: "ASC" for ascending, "DESC" for descending |
| `who` | User ID of the owner whose records to reveal |
### `RevealGenomesResponse`
| Field | Description |
|-------|-------------|
| `OracleHelices` | Array of oracle helix records containing genome state information |
#### Oracle Helix Record Fields
| Field | Description |
|-------|-------------|
| `which_onli` | Unique Onli ID identifier for the genome |
| `what_kind` | Asset classification identifier |
| `what_type` | Asset type (e.g., "denomination") |
| `what_face` | Face value of the asset (e.g., "one") |
| `last_owner_id` | Previous owner's user ID |
| `last_owner_name` | Previous owner's display name |
| `current_owner_id` | Current owner's user ID |
| `current_owner_name` | Current owner's display name |
| `blacklisted` | Boolean indicating if the genome is blacklisted |
| `last_updated` | Unix timestamp (nanoseconds) of last update |
### Example Request
```json
{
"search_condition": "what_face",
"search_keyword": "^one|kilo$",
"limit": "1000",
"offset": "0",
"sort_by": "what_face",
"sort_order": "ASC",
"who": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450"
}
```
### Example Response
```json
{
"OracleHelices": [
{
"which_onli": "onl-d8042a84-5663-4cb2-94f7-aa61b581f320",
"what_kind": "ABCDE",
"what_type": "denomination",
"what_face": "one",
"last_owner_id": "usr-treasury-vault-system",
"last_owner_name": "treasury",
"current_owner_id": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450",
"current_owner_name": "example name",
"blacklisted": false,
"last_updated": "1738780042109969295"
}
]
}
```
### Search Capabilities
| Feature | Description | Example |
|---------|-------------|---------|
| **Wildcard Search** | Use * to match any characters | `search_condition: "*"` |
| **Regex Support** | Full regex pattern matching | `search_keyword: "^one\|kilo$"` |
| **Column Filtering** | Search specific fields | `search_condition: "what_face"` |
| **Pagination** | Control result sets with limit/offset | `limit: "100", offset: "200"` |
| **Sorting** | Order results by any field | `sort_by: "last_updated"` |
### Error Handling
| Error Code | Error Message | Reason | Resolution |
|------------|---------------|--------|------------|
| **Unavailable** | unable to initialize GenomeOracleUser client | OCT not able to connect to GenomeOracle | Check Oracle service connectivity |
| **Internal** | unable to get RevealGenomes | Internal error in GenomeOracle | Retry request or contact support |
| **Internal** | unable to find onli_id in oracle database | Internal error in oracle database | Verify owner ID exists and retry |
### Oracle Functionality
The Oracle provides comprehensive genome tracking capabilities:
- **Ownership History**: Complete chain of ownership for each genome
- **Asset Classification**: Detailed categorization of genome types and values
- **State Verification**: Real-time status and blacklist information
- **Search & Discovery**: Flexible querying with regex and wildcard support
- **Audit Trail**: Immutable record of all genome state changes
### Use Cases
| Purpose | Description | Benefits |
|---------|-------------|----------|
| **Asset Verification** | Confirm ownership and authenticity | Trust and security validation |
| **Compliance Tracking** | Monitor asset movement and status | Regulatory compliance support |
| **Portfolio Management** | View and analyze asset holdings | Investment and allocation insights |
| **Audit & Forensics** | Investigate transaction history | Security and dispute resolution |
### Next Steps
After successfully querying the Oracle:
1. Parse the `OracleHelices` array for detailed genome information
2. Use the ownership data for verification and compliance purposes
3. Monitor `last_updated` timestamps for change detection
4. Check `blacklisted` status before processing assets
5. Use search capabilities to filter and analyze specific asset classes
---
## Additional Methods
The Onli Cloud API includes several other methods for comprehensive asset and genome management:
- **DefineGenomeStream**: Create and configure genome definitions
- **Blacklist**: Mark genomes as blacklisted for security
- **List**: Retrieve lists of genomes and assets
- **UpdateSettlementTime**: Modify settlement timing parameters
- **GetAskToMoveRecord**: Retrieve transfer request details
- **ReturnAskToMove**: Cancel or return transfer requests
- **AskToAdd**: Request to add assets or permissions
- **AskAssetBalance**: Query asset balance information
- **DrawerBalance**: Check drawer balance information
- **GetLogisticsInfo**: Retrieve logistics and shipping details
- **GetPkgSlip**: Access package slip information
Detailed documentation for each method is available in their respective sections.
---
# Source: https://onli.support/api-reference/owners-api/
---
title: "Owners"
---
# Owners API
The Owners API provides methods for managing Owner identities on the Onli_One network. Every Onli has an Owner - an Onli ID tightly coupled to a Gene and stored in an Owner's Vault. Possessing anOnli ID enables Authentication and Authorization across the Onli_One network.
> Owners API refers to the [Onli ID RPC Service](https://buf.build/onlicorp/onli-id) and has it's own url separate and distinct from Onli Cloud Services.
## Core Concepts
**Owners vs Users vs Appliances**
- **Owners**: Onli ID entities tightly coupled to a Gene, stored in an Owner's Vault. Owners have complete control over their Owner Object.
- **Users**: Created and controlled by Appliance developers. Users are provisioned by the Appliance developer.
- **Appliances**: Applications that connect Owner Objects to User Objects. Appliances have complete control over their User Objects.
**Owner Creation Process**
When developing an Appliance, you are connecting an Owner Object to a User Object:
- **New Owner**: If the User is not an existing Owner, they can be provisioned by the Appliance using the CreateOwner call
- **Existing Owner**: If the user already exists, their Owner object can be added to your Appliance stack
**Prerequisites**
To assemble an Onli ID rpc request, you need:
- **user_id**: "Master ID", provided upon Appliance registration completion
- **app_key**: "Appliance Key", provided upon Appliance Developer registration
Both credentials are available once your Appliance Developer registration is complete. Please sign up at [OnliCloud.com](https://onlicloud.com) to get your credentials.
Resources:
- [Onli ID API Buf.Build Protocol Buffers](https://buf.build/onli/api) - Complete protocol buffer definitions
- [Onli ID API Postman Collection](https://www.postman.com/onlicorp/onli/collection/6797a4d869c951396fe47855) - Interactive examples
## CreateOwner
CreateOwner creatse a new user object from a minted `onli_you_id` and triggers an email invitation to the potential Owner.
To CreateOwner, you need an `onli_you_id`. The `onli_you_ids` are minted by Onli Administrators and provided to the Appliance Owner. Each `onli_you_id` can be used to create a new owner and add them as a member of your Appliance. You need to provide an Email and Phone number in the request. A confirmation Email and SMS will be sent which will be used by the potential Owner in the BuildYou phase.
**Resources:** [Proto](https://buf.build/onli/api/file/main:onli/id/v1/id.proto) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/679a1bfb80e5f117f0f6a798?ctx=documentation)
**Prerequisites:** `onli_you_id`, `app_symbol`. `user_class` & `user_behaviors` are customizable by Appliance Owners, through Appliance Tray APIs. Ensure your Appliance has `user_class` & `user_behaviors` configured in your Appliance Tray.
### `CreateRequest`
| Field | Description |
|-------|-------------|
| `data` | Container for identity and context information |
| `identity` | Owner identity information |
| `onli_you_id` | Unique identifier for the user object and potential Owner |
| `email` | Owner's email address |
| `phone` | Owner's phone number (+X International Format) |
| `context` | Application context information |
| `appliances` | Appliance-specific configurations |
| `\{app_symbol\}` | Your App Symbol |
| `user_class` | User class, customizable classification by Appliance Owners, through Appliance Tray APIs (e.g., "owner") |
### `IdentityResponse`
| Field | Description |
|-------|-------------|
| `identity` | identity container |
| `onli_you_id` | Unique identifier for the user object and potential Owner |
### Example Request
```json
{
"data": {
"identity": {
"onli_you_id": "usr-48a757fa-a0fb-5204-b0ca-96c91d3acbc3",
"created_by_app": "ENGMA",
"email": "my@email.com",
"phone": "+0000000000111"
},
"context": {
"appliances": {
"ENGMA": {
"user_class": "owner"
}
}
}
}
}
```
### Example Response
```json
{
"identity": {
"onli_you_id": "usr-48a757fa-a0fb-5204-b0ca-96c91d3acbc3"
}
}
```
### Email Invitation Example
When the CreateOwner request is successfully completed, the Owner receives an email invitation. It contains information for downloading the OnliYou app and completing the buildYou phase; The email also contains the invite code and app symbol necessary for Owner creation.
> NOTE: the email invitation is sent by the Onli platform. It is not sent by your Appliance.
### Next Steps
After successfully creating an Owner:
1. The Owner will receive an email invitation
2. Owner can complete setup in the OnliYou app
3. The status of the Owner can be checked using the GetOwner, FetchOwner, or ListOwner methods
4. Once the Owner is created, you can use the OnliCloud APIs to issue assets and send gene related requests to the Owner
## GetOwner
Retrieve an Onli Owner Object and relevant User Appliance stored data.
Onli_One runs on the cloudMode storage framework. This means every object has three sections or set of values (called entities): Identity, Content and Context. The data stored in Identity is controlled by the Owner. Context contains Appliance controlled information. The key `context.appliances` is a dynamic key-value portion that appliance developers can use that is a part of the Owner Object. It is up to the appliance developers to create and maintain the data in this section. Storing context dependent data in `context.appliances` is an excellent way to extend the owners attributes for your Appliance.
**Resources:** [Proto](https://buf.build/onlicorp/onli-id/docs/main:userApi#userApi.OnliIdService.GetOwner) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/679a1b270979325625acdca7?ctx=documentation)
**Prerequisites:** `app_symbol`, `onli_you_id` of the Owner you want to retrieve.
### `GetOwnerRequest`
| Field | Description |
|-------|-------------|
| `app_symbol` | Your App Symbol |
| `onli_you_id` | Unique identifier for the Owner you want to retrieve |
### `GetOwnerResponse`
| Field | Description |
|-------|-------------|
| `data` | Container for identity and context information |
| `identity` | Owner identity information (controlled by Owner) |
| `onli_you_id` | Unique identifier for the Owner |
| `first_name` | Owner's first name |
| `alt_name` | Owner's alternative name |
| `last_name` | Owner's last name |
| `email` | Owner's primary email address |
| `alt_email` | Owner's alternative email address |
| `username` | Owner's username |
| `address` | Owner's primary address |
| `address_2` | Owner's secondary address line |
| `city` | Owner's city |
| `state` | Owner's state/province |
| `postal` | Owner's postal/zip code |
| `country` | Owner's country |
| `phone` | Owner's phone number (+X International Format) |
| `company` | Owner's company |
| `status` | Owner's status (e.g., "STATUS_ACTIVE") |
| `context` | Application context information (controlled by Appliance) |
| `appliances` | Appliance-specific configurations |
| `\{app_symbol\}` | Your App Symbol configuration |
| `user_class` | User class assigned to this Owner |
| `status` | Owner's status within your Appliance (e.g., "STATUS_APP_ACTIVE") |
| `extra` | JSON string containing custom key-value data for additional Appliance-specific information |
### Example Request
```json
{
"app_symbol": "ENGMA",
"onli_you_id": "usr-afa3dae3-e37e-525e-927d-f65660dd2d30"
}
```
### Example Response
```json
{
"data": {
"identity": {
"onli_you_id": "usr-afa3dae3-e37e-525e-927d-f65660dd2d30",
"first_name": "bob",
"alt_name": "test-alt_name",
"last_name": "tester",
"email": "email@1234.com",
"alt_email": "test-alt_email",
"username": "ian-tester-10",
"address": "test-address",
"address_2": "test-address-2",
"city": "test-city",
"state": "test-state",
"postal": "test-postal",
"country": "test-country",
"phone": "+0000000000124",
"company": "test-company",
"status": "STATUS_ACTIVE"
},
"context": {
"appliances": {
"ENGMA": {
"user_class": "onliu-tester",
"status": "STATUS_APP_ACTIVE"
}
}
}
}
}
```
### Next Steps
After successfully retrieving an Owner:
1. Use the identity data to display Owner information in your application
2. Use the context.appliances data to understand the Owner's relationship with your Appliance
3. Store or cache relevant information for your application's use
4. Use other Onli ID API methods to update or manage the Owner as needed
## FetchOwner
A lightweight Get-ish method that returns a singular owner attribute value instead of a scope of owner attributes or entire entity.
FetchOwner allows you to retrieve specific attributes from the Owner Object without fetching the complete data set. This is useful when you only need a particular piece of information like the username, email, or any custom attribute stored in the `context.appliances` section.
**Resources:** [Proto](https://buf.build/onlicorp/onli-id/docs/main:userApi#userApi.OnliIdService.FetchOwner) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/679a1a020979325625acda51?ctx=documentation)
**Prerequisites:** `app_symbol`, `onli_you_id` of the Owner, and the specific `condition` (attribute path) you want to retrieve.
### `FetchOwnerRequest`
| Field | Description |
|-------|-------------|
| `app_symbol` | Your App Symbol |
| `onli_you_id` | Unique identifier for the Owner |
| `condition` | Attribute path to retrieve (e.g., "identity.username", "context.appliances.\{app_symbol\}.user_class") |
### `FetchOwnerResponse`
| Field | Description |
|-------|-------------|
| `data` | Container for the requested attribute |
| `identity` | Identity section (if condition targets identity attributes) |
| `\{attribute\}` | The specific attribute value requested |
| `context` | Context section (if condition targets context attributes) |
| `appliances` | Appliance-specific data (if condition targets appliance attributes) |
| `\{app_symbol\}` | Your App Symbol data |
| `\{attribute\}` | The specific appliance attribute requested (including extra object) |
### Example Request
```json
{
"app_symbol": "ENGMA",
"onli_you_id": "usr-afa3dae3-e37e-525e-927d-f65660dd2d30",
"condition": "identity.username"
}
```
### Example Response
```json
{
"data": {
"identity": {
"username": "my-username"
}
}
}
```
### Common Condition Examples
| Condition | Returns |
|-----------|---------|
| `identity.username` | Owner's username only |
| `identity.email` | Owner's email address only |
| `identity.status` | Owner's entire user object status |
| `context.appliances.\{app_symbol\}.user_class` | User class for your appliance only |
| `context.appliances.\{app_symbol\}.status` | Owner's status within your appliance only; controlled by your Appliance |
| `context.appliances.\{app_symbol\}.extra` | JSON string containing custom key-value data for your appliance |
### Next Steps
After successfully fetching a specific Owner attribute:
1. Use the returned value directly in your application logic
2. Cache the specific attribute if needed for performance
3. Use FetchOwner for efficient attribute checking without full Owner data retrieval
4. Combine with other Onli ID API methods for complete Owner management
## ListOwner
List all of the Owners that are Users of your Appliance. Retrieve full data objects or specified attribute values in the conditions.
ListOwner allows you to get a comprehensive list of all Owners associated with your Appliance. You can retrieve complete Owner data objects or specify particular attributes using the condition parameter. This is useful for displaying user lists, generating reports, or performing bulk operations on your Appliance's user base.
**Resources:** [Proto](https://buf.build/onlicorp/onli-id/docs/main:userApi#userApi.OnliIdService.ListOwner) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/6797b2b769c951396fe49312)
**Prerequisites:** `app_symbol` and optionally `condition` to specify what data to retrieve, plus `meta` parameters for pagination.
### `ListOwnerRequest`
| Field | Description |
|-------|-------------|
| `app_symbol` | Your App Symbol |
| `condition` | Data retrieval specification (e.g., "full" for complete objects, or specific attribute paths) |
| `meta` | Metadata for pagination and filtering |
| `limit` | Maximum number of Owners to return in the response |
### `ListOwnerResponse`
| Field | Description |
|-------|-------------|
| `data` | Array of Owner objects matching the request criteria |
| `[\{owner_object\}]` | Individual Owner data based on condition parameter |
| `identity` | Owner identity information (if condition includes identity data) |
| `onli_you_id` | Unique identifier for the Owner |
| `first_name` | Owner's first name |
| `last_name` | Owner's last name |
| `email` | Owner's email address |
| `phone` | Owner's phone number |
| `status` | Owner's status (e.g., "STATUS_ACTIVE", "STATUS_INVITED") |
| `...` | Other identity fields based on condition |
| `context` | Application context information |
| `appliances` | Appliance-specific configurations |
| `\{app_symbol\}` | Your App Symbol configuration |
| `user_class` | User class assigned to this Owner |
| `status` | Owner's status within your Appliance |
| `extra` | JSON string containing custom key-value data for additional Appliance-specific information |
### Example Request
```json
{
"app_symbol": "ENGMA",
"condition": "full",
"meta": {
"limit": 10
}
}
```
### Example Response
```json
[
{
"identity": {
"onli_you_id": "usr-c583f88e-a318-5c11-a84b-f4f4b4926ade",
"email": "e@fail.com",
"phone": "+0000000000317",
"status": "STATUS_INVITED"
},
"context": {
"appliances": {
"ENGMA": {
"user_class": "owner",
"status": "STATUS_APP_ACTIVE"
}
}
}
},
{
"identity": {
"onli_you_id": "usr-d7da6d6a-4ab1-53f4-a599-51f97840aa93",
"first_name": "SOPHIA",
"alt_name": "REBECCA",
"last_name": "MEYERS",
"email": "e@mail.com",
"alt_email": "ian@onlicorp.com",
"username": "scooter1025",
"address": "124 Fake Road",
"city": "Concord",
"state": "MA",
"postal": "01742",
"country": "USA",
"phone": "+0000000000217",
"company": "Onlicorp",
"status": "STATUS_ACTIVE"
},
"context": {
"appliances": {
"ENGMA": {
"user_class": "owner",
"status": "STATUS_APP_ACTIVE",
"extra": "{\"foo\": \"bar\", \"baz\": \"qux\"}"
}
}
}
}
]
```
### Common Condition Examples
| Condition | Returns |
|-----------|---------|
| `full` | Complete Owner objects with all available data |
| `identity.email` | Only email addresses for all Owners |
| `identity.status` | Only status information for all Owners |
| `context.appliances.\{app_symbol\}.user_class` | Only user class assignments for all Owners |
| `context.appliances.\{app_symbol\}.extra` | JSON strings containing custom key-value data for all Owners |
### Pagination & Filtering
Use the `meta` object to control the response:
- **`limit`**: Maximum number of Owners to return
- **Pagination**: Use multiple requests with different limits/offsets as needed
### Next Steps
After successfully listing Owners:
1. Process the returned Owner array for your application's needs
2. Use individual `onli_you_id` values with GetOwner or FetchOwner for detailed operations
3. Filter and sort the results based on status, user_class, or other attributes
4. Implement pagination for large Owner lists to improve performance
## UpdateOwner
Update an attribute of an Owner's Appliance data by specifying the attribute and desired value to update.
UpdateOwner gives developers control over the appliances attribute in the RPC message. While this RPC does not replace the entire existing block (re: REST PUT), please take care not to update the entire context of an Owner when only one attribute is desired. UpdateOwner attributes will only be updated if the attribute exists, thus if the attribute doesn't exist, the service will create the key value for the specified owner.
**Resources:** [Proto](https://buf.build/onlicorp/onli-id/docs/main:userApi#userApi.OnliIdService.UpdateOwner) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/679a1af9de5f880cbcd6e572)
**Prerequisites:** `onli_you_id` of the Owner to update and the specific appliance context attributes you want to modify.
### `UpdateOwnerRequest`
| Field | Description |
|-------|-------------|
| `data` | Container for identity and context information |
| `identity` | Owner identity information (for identification) |
| `onli_you_id` | Unique identifier for the Owner to update |
| `context` | Application context information to update |
| `appliances` | Appliance-specific configurations to modify |
| `\{app_symbol\}` | Your App Symbol configuration |
| `user_class` | User class to update (optional) |
| `status` | Status to update (optional) |
| `extra` | JSON string containing custom key-value data to update (optional) |
### `UpdateOwnerResponse`
| Field | Description |
|-------|-------------|
| `identity` | Confirmation of the updated Owner |
| `onli_you_id` | Unique identifier of the updated Owner |
### Example Request
```json
{
"data": {
"identity": {
"onli_you_id": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450"
},
"context": {
"appliances": {
"ENGMA": {
"extra": "{\"foo\":\"bar\"}"
}
}
}
}
}
```
### Example Response
```json
{
"identity": {
"onli_you_id": "usr-319d53bc-cf9b-5cea-9ec7-e6863a35b450"
}
}
```
### Update Behavior
| Scenario | Behavior |
|----------|----------|
| **Attribute exists** | Updates the existing attribute value |
| **Attribute doesn't exist** | Creates the new key-value pair |
| **Partial updates** | Only specified attributes are modified; others remain unchanged |
| **Identity data** | Cannot be updated via this method (identity is Owner-controlled) |
### Common Update Examples
| Update Target | Request Structure |
|---------------|-------------------|
| **User Class** | `context.appliances.\{app_symbol\}.user_class: "new_class"` |
| **Status** | `context.appliances.\{app_symbol\}.status: "STATUS_INACTIVE"` |
| **Extra** | `context.appliances.\{app_symbol\}.extra: "\{\"old_key\":\"new_value\"\}"` |
### Best Practices
- **Targeted Updates**: Only include the specific attributes you want to change
- **Preserve Existing Data**: Remember that unspecified attributes remain unchanged
- **Extra Field Format**: Ensure `extra` field contains properly escaped JSON string
### Next Steps
After successfully updating an Owner:
1. Use GetOwner or FetchOwner to verify the update was applied correctly
2. Update your application's local cache if applicable
3. Log the change for audit purposes if required
4. Handle any dependent business logic that relies on the updated attributes
## AskToAddOwner
Add an existing Owner as a User of your Appliance. Serves as a notification that requires Owner authorization to complete.
AskToAddOwner serves as a confirmation of an existing Owner requesting to be a member of your Appliance. Owners must first request to be a member of your Appliance, then and only then will you be able to add them as an Owner of your Appliance. All Appliances can receive membership requests through the Onli Cloud App.
### Owner Membership Scenarios
| Scenario | Initiator | Process | Next Step |
|----------|-----------|---------|-----------|
| **New Owner Creation** | App developer | Invite a brand new user to become an owner and member of your appliance | Use **CreateOwner** - triggers invite email to potential member |
| **Non-existing Owner Request** | Non-existing user | Uses Onli You app to request invitation with app symbol | App dev notified via GetQueueMsg → Use **CreateOwner** to accept request |
| **Existing Owner Request** | Existing owner | Member of other appliances requests invitation to your appliance | App dev notified via GetQueueMsg → Use **AskToAddOwner** to offer membership |
| **App Dev Invitation** | App developer | App dev has valid email of existing owner and offers membership | Use **AskToAddOwner** → Owner receives notification to accept/deny |
### Notification & Queue System
- **App Developer Notifications**: Received through Appliance Tray Services message queue
- **Queue Message Retrieval**: Use `GetQueueMsg` to check for membership requests
- **Owner Notifications**: Sent through Onli You app for acceptance/denial
- **Request Tracking**: Each scenario generates trackable request IDs
**Resources:** [Proto](https://buf.build/onlicorp/onli-id/docs/main:userApi#userApi.OnliIdService.AskToAddOwner) + [Example](https://www.postman.com/onlicorp/onli/grpc-example/679a1e17412d99eb59ebcdd5)
**Prerequisites:** `onli_you_id` of an existing Owner who has requested to join your Appliance, and `app_symbol` of your Appliance.
### `AskToAddOwnerRequest`
| Field | Description |
|-------|-------------|
| `data` | Container for the add owner request information |
| `onli_you_id` | Unique identifier of the existing Owner to add |
| `app_symbol` | Your App Symbol (invite owner from a different appliance) |
| `appliance` | Appliance configuration for the new Owner |
| `user_class` | User classification to assign to the Owner (e.g., "owner") |
### `AskToAddOwnerResponse`
| Field | Description |
|-------|-------------|
| `onli_you_id` | Unique identifier of the Owner being added |
| `ask_to_add_owner_id` | Unique identifier for this add owner request |
| `app_symbol` | Your App Symbol confirming the request |
### Example Request
```json
{
"data": {
"onli_you_id": "usr-afa3dae3-e37e-525e-927d-f65660dd2d30",
"app_symbol": "ENGMA",
"appliance": {
"user_class": "owner"
}
}
}
```
### Example Response
```json
{
"onli_you_id": "usr-afa3dae3-e37e-525e-927d-f65660dd2d30",
"ask_to_add_owner_id": "61c81618-1455-41c6-b5b9-6a1d04be5612",
"app_symbol": "ENGMA"
}
```
---
# Source: https://onli.support/api-reference/requirements/
---
title: "API Requirements"
description: "Developer credentials and setup requirements for the Onli Platform API"
author: "Onli Platform"
date: "2024-01-01"
tags: ["api", "requirements", "credentials"]
---
# API Requirements
This guide covers the essential requirements for integrating with the Onli Platform APIs. You'll need developer credentials, proper gRPC setup, authentication metadata, and specific configurations for TLS and testing tools. The platform uses gRPC for all API communication and requires specific metadata for authentication on each request.
## Developer Credentials
Developers receive all credentials through the web portal at [OnliCloud.com](https://onlicloud.com).
`app_key` and`app_symbol` will all be available after appliance registration by the appliance owner on [OnliCloud.com](https://onlicloud.com).
Your Onli ID URL is the `env` (aka `deployment_subdomain`) in the subdomain of `ENV.onli.network`. E.g. `dev.onli.network`
Your Onli Cloud URL is the `app_symbol` in the subdomain of an Onli ID URL, such as `APP_SYMBOL.env.onli.app`. E.g. `engma.dev.onli.app`
## gRPC
**[gRPC](https://grpc.io)** Remote Procedure Calls - are the interface of the Onli One Network and your Onli Cloud instance.
RPCs are flexible, fast and reliable. And its protobuf framework is extensible enough that any Appliance technology can integrate with it. Become familiar with RPCs, because it is how you communicate with the Onli Cloud and Onli One Network.
This API framework also lets us develop with natural human language to grasp and interact with Owners and Assets. What this means is that every call is named what it does and can be used without the need to delve into documentation.
Get started [here](https://grpc.io/docs/what-is-grpc/) to lean more.
## TLS Configuration
Onli Cloud APIs use **mutual TLS (mTLS)** for secure, authenticated communication. gRPC clients require an `app_key` along with an mTLS client certificate and key.
Your mTLS client certificate and key are available in the appliance connection details on [OnliCloud.com](https://onlicloud.com).
## API Authentication
All API requests require authentication using gRPC metadata. You must include the following metadata attribute with every request:
`app_key` - Your Appliance API key (obtained from the web portal)
This credential authenticates your appliance for each API call and is provided when you register your appliance on [OnliCloud.com](https://onlicloud.com).
## Anything else?
Our API Reference uses `ENGMA` (`app_symbol`) as the appliance we're developing for. So, anytime you see Enigma, know that it is just a placeholder for your appliance.
### Clear & OnliYou
When developing in non-production environments, the OnliYou app uses the **Clear sandbox** from [ClearMe](https://clearme.com) for identity verification during owner creation and vault initialization.
### Postman
**Important:** Postman only supports gRPC methods in the desktop application, not the web version.
To get started with our APIs:
1. **Download** the [Postman Desktop App](https://www.postman.com/downloads/)
2. **Fork** the [Onli Cloud and Onli ID API collections](https://www.postman.com/onlicorp/onli/overview) to your workspace
3. **Experiment** with the provided examples and modify them for your use case
This setup allows you to test all gRPC endpoints and explore the API functionality interactively.
### OnliYou iOS Limitations
**Known Issue:** OnliYou iOS background processes may fail when:
- The iOS device is in **hotspot mode** (sharing internet connection)
- **Remote recording** is active from another device (e.g., QuickTime screen recording)
These iOS system features can interfere with background processing. For reliable testing, disable hotspot mode and stop any remote recording sessions before using OnliYou.
### Appliance Tray Services
For appliance tray services, use your **Onli ID URL** for API connections. The complete API schema and service definitions are available at [buf.build/onlicorp/appliance-tray-public](https://buf.build/onlicorp/appliance-tray-public).
This repository contains the protobuf definitions and generated code for all appliance tray service endpoints.
---
# Source: https://onli.support/concepts/basics/
---
title: "The Basics"
description: "Fundamental concepts behind the Onli Platform - understand what Onli is, how it differs from blockchain technology, and why it represents a paradigm shift in digital asset management."
---
# The Basics
Onli is not an Asset class. Onli is a digital Asset transfer technology that makes it easy to send store something of value called an Asset as easily as you send email. Onli® is a registered trademark of a luxury brand of technology services by The Onli Corporation. Onli is not an Asset class. You don’t buy an Onli like you would a bitcoin. Onli is a technology you use to build an Asset class out of. Onli is a fast, highly scalable, resilient, and secure technical architecture and eco-system.
## What is Onli?
Onli® is a technology that you use to store information in an immutable quantified state called an Asset, move the Asset around and maintain that quantified state over a network of connected devices. There is only ever one owner of that Asset. With Onli, when it comes to owners, there can be only one, Onli-You.
Onli is technology that makes it possible to make something that can be quantified as unique on a computer system. The technology lets you store information in an immutable quantified state called an Asset, move the Asset around and it maintains that quantified state over a network of connected devices because it evolves as it moves from person to person. Onli is an “actual possession” technology, that means that you physically possess it. In contrast to “custodial possession” where a third party has “custody” and ownership is an identity claim of a record in a ledger. Onli is an actual possession based system not a custodial possession or ledger based system. This means that it is digital, but it is something you physically possess. Therefore Onli works exactly like a thing in quantum reality, there is only one instance of a thing. There is only one of a thing and only you possess it. This means when used in an economic system it works just like the cash in your pocket, not like a bank account with a ledger.
Onli is a unitary container of data that uses a non-fungible (unique) data structure (Genome), tightly coupled to an unforgeable credential (Gene). This is used in a self-contained trusted execution environment, where storage operations, like copy, are realized by a process called Genome Editing. The system uses Genetic and Cryptographic Algorithms to evolve the dataset as it moves from person to person. This patented method solves the uniqueness quantification problem of computers. Scientifically speaking, uniqueness quantification means a set of data whose uniqueness is quantified. Put simply there is only one of a thing across a network of connected devices.
## Explain it like I am 5
Put simply, Onli is like a special kind of computer program that helps people create and use digital things that they can use title to something in the real world or they can use it like money or other valuable things. With Onli, you can send and store these special things easily and safely, and you can even make your own special things. It's like having your own special toy that only you can play with, and you can share it with your friends if you want to. No one can take it away because it works for one person alone, only you and you alone have it.
## What Onli is NOT
Onli is not a kind of Crypto. There is no ledger. Onli® has nothing to do with Bitcoin, Ethereum, or any other crypto technology. Onli is not blockchain. Onli is not a private key, an alphanumeric string. Onli is not an entry in a ledger. Every Onli is it’s own separate individual chain. Onli moves from person to person, peer to peer over the Onli_One network. Onli_One is not a DLT. Onli are minted not mined therefore it has no infrastructure sharing scheme like mining. Onli is different from blockchain DLT from the ground up.
## How is Onli different?
Onli is a paradigm shift. Onli is like a light bulb. A lightbulb is not a new kind of candle. A lightbulb is a different way of generating light. This is different from the ground up.
**Core Concept Differential**
- The most important difference is that Blockchain is a Custodial possession system where Onli is an Actual Possession system. Actual Possession and Custodial Possession differ in that they define transactions differently. **Custodial Possession**: a transaction is where one person holds (custody of) the Asset and makes an entry in a ledger. Ownership is a substantiated identity claim of an entry in a ledger. **Actual possession**: a transaction is a change in possession, where ownership equals possession. Put Simply the difference is that an actual possession system works like the cash in your pocket and a custodial system is like your bank account. Consequently, the digital version of these two transaction systems are naturally going to be different from one another. Onli is Actual Possession. There is no ledger. Crypto and “The Blockchain”, is a custodial possession system that stores transactions in a ledger. They are fundamentally and technically different ideas. They work differently.
**Technical Differential**
- Distributed Ledger Technology (DLT) can be defined as a distributed shared database, having copies in a blockchain data structure distributed over a set of nodes, whose entries are generated based on cryptography technology and a consensus mechanism for reconciling the nodes. DLTs maintain a reliable database in a decentralized way. One of the most significant elements of DLT is a method to pack data as a blockchain those blocks together with hash functions such that the data in the resulting “blockchain” is “immutable.” DLTs, an outgrowth of paper written in 2009 by Satoshi Nakamoto. “The Blockchain,” is a term used synonymously to mean a DLT ledger. “The Blockchain” can be viewed as a large public ledger maintained collectively on a P2P network based on consensus protocol.
- Onli can be defined as a distributed collection of blockchain databases, where each unit of value has its own blockchain, and entries are generated based on cryptography technology. Onli maintains a reliable database in a decentralized way but differs from DLT in key areas. One key differentiation is the method of decentralization. Each Onli is its own blockchain, which is possessed by its owner, an unforgeable credential, on a client device. Unlike a DLT, the blockchain data structure is not stored as a monolithic blockchain, copied across nodes, and then required to be reconciled with a consensus mechanism. Instead, ONLI transactions are individually segmented by the client in their own blockchain, stored in the client, and the server provides “compute services” that evolve the blockchain. A replicated database is used to validate the state of blockchains in possession of the client (RVO). Onli was designed to solve a different problem than DLTs, as outlined in a 2010 paper by Dhryl Anton, Michael McFall, and Peter Jensen-Haxel. Onli is a non-fungible (unique) Genome tightly coupled to an unforgeable credential and used in a patented method to solve the uniqueness quantification problem of computers. In mathematics and logic, the term “uniqueness” refers to the property of being the one and only object satisfying a certain condition -(Wikipedia). In computing, the problem is defined as how to make something on a computer, which transfers binary data by making a copy, have a unique existence across a network of connected devices. Once you have solved this problem, you can build a technology that get all the benefits of DLTs with none of the problems.
**Feature Differential**
1. Onli is original code. Onli is **not** a clone of bitcoin, erc20 a NFT, EOS or anything like that. Onli is not stored on “the Blockchain”. It just doesn’t work that way.
2. There is no private key. **No ledger**. Since the patented technology makes it possible for there to be only one of a thing then that means you can have actual possession of it. No ledger is needed.
3. An ONLI is a piece of code that evolves as it moves from person to person. **No DLT**. Owners are decentralized not the ledger. There is no ledger.
4. **Every Onli has an owner**. It is not anonymous. Every Owner is authenticated. Every transaction is strongly authorized. Ownership is registered in a transparent validation network that is private by default. Independent validation is available only to those you give permission to.
5. **Onli are stored in a Vault** not a wallet. This is actual possession technology not custodial (ledger) technology.
6. **Onli are minted** not mined. Since there is no ledger, there is no infrastructure sharing scheme. No mining. No consensus.
7. Onli, unlike crypto, was **built for financial services from day one**. Since every Onli has an owner, independent validation and actual possession. This means it has title and can meet accounting assertions as a financial Asset. Onli was built to fit within regulatory environments.
8. Onli is **a full stack** from the ground up. Its infrastructure and identity management, in one. You can define an Asset, build and operate a marketplace for your own brand of Onli. **No miners**.
9. **Onli has simple stable pricing**. There are no transactions/gas/processing fees because there is no mining. You buy services like compute (changeOwner) and storage (Vaults). You buy Value_Assets (coins) for a Nickel. Vescel, Cryptographic Containers that you can put any file into, cost 100 basis points. Onli is a white label technology. You define your Asset and sell your own brand. You set the price.
10. **Onli is fast and final** was built specifically to beat the T+2 window. Onli is fast, reliable, it has consistency and it’s scalable and final. There is no risk of forking or hacking.
This is different from the ground up.
## Is Onli open source?
No. Onli is not a fork of any other blockchain technology. Onli® is original code. Onli_One is institutional-grade commercial software available from The Onli® Corporation.
## How does Onli work?
Onli uses a patented data structure called a **Genome** - A custom unitary dataset that stores a micro array of data as the entirety of a single whole. It is quantified and whole meaning it is neither divisible or fungible. A Genome is composed of ten **Helixes** - A single set of structured data stored in an immutable sequence, which store relevant data in ordered pairs for a specific domain. Each Helix has ten **Base-Pairs** - An ordered pair of two related data elements: A Base, which is a constant that defines the data set and a Pair, which is a variable that belongs to the set. Genomes are stored in a **Vault** - A self-contained trusted execution environment. A Vault is tightly coupled, to an unforgeable credential, A **Gene** - a distinct sequence of Base-Pairs that perform the function of credentials and is a unit of heredity that is transferred when an Onli changes owner. Onli are unique. Onli move from one vault to the other and evolve as they move from person to person. This is done through a process called **Genome Editin**g - Base-Pairs are computed using proprietary algorithms to evolve specific helixes. Genome editing employs the use of Genetic and Cryptographic algorithms. This occurs in an enclave, a secure execution environment. Together this patented method solves the uniqueness quantification problem of computers. The result is a way to create something across a network of devices, of which, there can only be, one.
## What is Onli_One?
Onli runs on Onli_One. Onli_One is a full stack of technologies that make it possible to maintain a single global state across a network of connected devices. There are four parts to the Onli_One.
- **Onli** - a defined unitary dataset that uses a data structure called a Genome- an immutable packet of code that evolves as it moves, The genome is a digital representation of the Asset - something of value that you want to keep control over.
- **Onli_You** - a free mobile and desktop application that includes a Vault, a high-security authenticator and a trusted execution environment. Onli_You vaults are where owners store Assets.
- **Onli_Cloud** - a Cloud Service (FAAS) Onli_Cloud provides the compute, storage, networking, database, and platform services you need to interact with Owners on the Onli_One Network. Onli Cloud Services is a functions-as-a-service platform that, upon an authenticated request, creates Owners (Onli_ID), ask owners to move assets (AskToMove), host the master Oracle and hosts Treasury Vault were Assets are held for issuance to Owners (Issue). Onli_Cloud Services also executes requests (changeOwner) by Owners in an enclave, a secure environment. -
- **Appliances** - the application that does something with the Onli. Developers can use any technology they like to build an Appliance and connect to Onli_Cloud via remote procedure calls.
## When do I use Onli?
You use Onli when you want to create a kind of digital entity called an Asset. Move that Asset around without making copies and keep control over the Asset. An Onli is an Asset and an Asset is property owned. An Asset is a configured dataset (Genome), that is owned by an Owner (Gene), which is tightly coupled to a User in an Appliance. An Appliance is client server application that presents to the Owner a value proposition in regard to an Asset. Onli is a patented solution to the uniqueness quantification problem in computing, which means it is a way to make something on a computer, of which, there is only one, and maintain it’s uniqueness as it moves across a network of connected devices. Onli is like nothing else. This is a paradigm shift in terms of how data is stored, used and moved around. Onli can be used in lots of different ways. It was designed for use in Artificial Intelligence but it can be used to transfer any kind of Asset, from financial Assets (derive their value from contractual obligation or ownership claim) to tangible Assets (like pdf, jpg, etc). The limit is only your imagination.
## How do I use Onli?
There are two separate components to a use case.
1. There is the **Asset** - something of value that you want to keep control over. You define and mint that Genotype.
2. There is the **Appliance** - the client/server application that “does something” with a Genotype. - To move or change the owner of a Onli.
The process of building a solution with Onli and Onli_One is first to mint an Asset (Genome) and then to build Appliances that does something with that Asset. Appliances send instructions to Onli_Cloud in regards to representations of the Genotype. Appliances can ask an owner to move an Asset. Only Owners can move Assets. - Every Onli has an Owner, who is in possession of the Onli. The Owner of the Onli is the one that submits the Asset to the Transfer Agent (Onli.Cloud) and authorize the movement of the Onli.
## How much does it cost?
Onli® is not an Asset class like Bitcoin. You don’t buy an Onli. Issuers use Onli to create their own brand of Onli®. Think of it as the fabric that a quality tailor would buy rather than a suit. Onli is the fabric of innovation.
Issuers go through a stringent legal and financial framework for financial assets. There are always “real” Assets behind any Onli based financial Asset. Onli based financial assets are called micro-commodities or micro-currencies. Minting an Asset is a complex process that involves legal, technology and regulatory considerations. Our baseline consultation for this starts at $120,000. The Onli Corporation does not operate any marketplaces. Tangible Assets (like files) has a different standard. Issuers choose their own developers of their Appliances.
Onli is a technology you build things with it therefore costs will vary. The Issuer (the entity that mints the Asset) builds and maintains the infrastructure (Onli_Cloud) for their own applications. Onli_Cloud is dedicated infrastructure operated by an Issuer for their own Assets. Every Issuer operates the infrastructure for their brand of Onli. Bottom line: This is enterprise software and a typical deployment starts around $500K.
Onli is a peer-to-peer system. There are no miners therefore there are no transaction costs or miners, or gas etc. The is a one time fee of $0.05 per unit to put an asset into circulation. This is called issuing. You do this by making an ISSUE call to the Onli_Cloud instance of an appliance. There are no transfer fees. Appliances however may charge fees. Onli does not participate in that in anyway. Issuers are solely responsible for the Assets they issue. Onli is only a technology provider. Onli does not own or operate any marketplaces.
---
# Source: https://onli.support/concepts/mission/
---
title: "Our Mission"
description: "Learn about Onli Corporation's mission to create a private data economy and how Onli technology represents a transformative shift in data handling and digital asset management."
---
# Our Mission
## What we are doing
An Onli is a hyperdimensional vector storage container coupled with an unforgeable credential. Computing operations like send or copy, uses a uniqueness quantification algorithm to evolve the container rather than duplicate it. Non-deterministic evolutionary mechanisms as a transfer protocol make the system nearly impervious to prediction, cloning, spoofing, hacking, and other threats, while improving speed and efficiency. This capability makes it possible for an object to maintain a real time, single global state, across a network of connected devices. Put simply, you can now make something on a computer of which, there can only be one. Once you solve the problem of uniqueness quantification in a computing environment you make a lot of the existing problems obsolete. We believe that this organization of intelligent semantic media (organ-ism) in a semantic environment can be the foundation of the a quantum leap forward in computing.
## The Paradigm Shift
Onli technology represents a transformative shift in how we handle data. As a natural progression in data evolution, it focuses on digitizing assets—valuable items that need to be controlled and protected. Traditional hierarchical file systems on the internet require data replication to ensure reliability, resulting in data being public and open by default.
This open data economy, where free software is exchanged for micro-work that aggregates and monetizes open data, has thrived due to the inherent public nature of data storage. However, Onli technology introduces a new category of private-by-default data, enabling the emergence of business models centered around a private data economy.
Onli technology serves as the foundation for a new type of application called Appliances, which facilitate the movement of assets and connect to private data. Unlike traditional web applications that focus on micro-work consumption, Appliances empower users by granting them full control over their assets.
We see enormous potential in creating a private data economy within the internet landscape. Our mission is to develop tools that help you harness this potential and unlock new opportunities for secure data management.
---
# Source: https://onli.support/concepts/process/
---
title: "The Process"
description: "Step-by-step guide to the Onli development process from initial consultation to launching your Appliance - understand the complete workflow for building with Onli."
---
# The Process
1. **Initial Consultation** - Onli is not right for everyone find out if it is right for you.
2. **Ideation** - Financial Assets require Legal and Regulatory Compliance
3. **Build** - Onli Build become an Issuer to issue Assets. Once approved you build your own brand of Onli, no attribution is required.
4. **Minting** - Onli Assets are minted in Billion unit runs and stored in a Treasury.
5. **Appliance Development** - You design and develop your Appliance
6. **Open Onli.Cloud Account** - Dedicated Infrastructure and an Api-Key to Issue, ChangeOwner and AskToMove Assets
7. **Inventory** - Delivery and integration of Treasury with Onli.Cloud
8. **Oracle Initialized** - Oracle is a user accessible record of ownership for Owners of a particular Issue. Appliance Owners can run a clone or outsource it
9. **Onli_You** - Users download free Onli_You app, join an Appliance, receive an Onli_ID and a Vault to store Assets.
10. **Launch Your Appliance** - Delivers the value proposition to your users.
11. **Trade** -Assets are ultimately moved peer to peer by Owners.
---
# Source: https://onli.support/concepts/products/
---
title: "Products"
description: "Explore the complete suite of Onli Corporation products including Onli Build, Onli Cloud, Onli Dev, Onli AI, and more - everything you need to build with Onli technology."
---
# Products
*What does the Onli Corporation make?*
## Onli Brand
Onli® is a registered trademark of a luxury brand of technology services by The Onli Corporation.
## Onli
A digital container generated by a uniqueness quantification algorithm that maintain its uniqueness across a network of devices.
## Onli One
Onli One is a network of peer-to-peer nodes and transport services that move Onli between vaults.
## Onli Build
An suite of tools of create, define and Issue you own brand of Onli.
## Onli Cloud
A hybrid single tenant infrastructure that was designed for total control, privacy, and security for mission critical workloads. A suite of cloud services for managing Issuances, Users and Appliance services. Onli Cloud is a dedicated single tenant cloud infrastructure.
## Onli Dev
A suite of tools to build client server applications called Appliances.
## Onli AI
An online learning platform.
## Onli App
Onli-You is a high security authenticator for Onli-ID and a self-contained, trusted execution environment for storing assets.
## Onli ID
A patented identity management system.
## Onli Exchange
The largest barrier to Digital Asset adoption is an on/off ramp. Introducing Onli.Exchange. A complete real-time master/sub account management system for marketplaces. Essentially an on/off ramp in a box. BYOB - Bring your own commercial bank. The Onli Corporation does not operate any marketplaces, banking institutions or exchanges. We are a technology provider.
---
# Source: https://onli.support/concepts/transaction/
---
title: "Transaction Definition"
description: "Understand how transactions work in Onli's actual possession system versus traditional custodial possession systems, and why this fundamental difference matters."
---
# Transaction Definition
The most important difference is that Blockchain is a Custodial possession system where Onli is an Actual Possession system. Onli is an Actual Possession system. There is no ledger. Crypto and "The Blockchain", is a custodial possession system that stores transactions in a ledger. They are fundamentally and technically different ideas. Consequently they work differently.
Actual Possession and Custodial Possession differ in that they define transactions differently.
**Custodial Possession**: a transaction is where one person holds (custody of) the Asset and makes an entry in a ledger. Ownership is a substantiated identity claim of an entry in a ledger.
**Actual Possession**: a transaction is a change in possession, where ownership equals possession. Put Simply the difference is that an actual possession system works like the cash in your pocket and a custodial system is like your bank account.
Consequently, the digital version of these two transaction systems are naturally going to be different from one another. Shift Your thinking
## A Different kind of Transaction
Not only is the definition different but the implementation is very different. Onli on Onli_One implements a fundamental shift in thinking about a transaction.
A transaction in a Custodial Possession model is when an entry in the ledger database is written, copied or updated, signed with a private key, sent to all nodes, and saved in local data. There is no delete function in a blockchain recording system as it is a forward state machine.
A **transaction** in an Actual Possession model is when a change in ownership is updated, the new state is validated on both the sender and receiver devices, notification of change is sent to Oracle node and the new state is saved in local data.
In a conventional DLT Blockchain, the private key IS the asset. The value proposition is realized by possession of the private key.
In OnliOne, the asset is a thing that is separate from the transaction. Technically there are two conventional events that constitute a transaction: the evolved state of the Asset and the delivery of the Asset. This is more than a conceptual differentiation. The implementation of a transaction and the transaction management system on OnliOne, requires that you think of a transaction as more than a simple write or update entry on a database (blockchain- a method of recording data). In Financial Trading systems you are dealing with long-lived, multi-node, distributed processes. This means for an Onli, a more robust approach is required to complete a transaction entry. For example in a financial transaction payment and delivery are two separate events. Onli One only handles the pickup and delivery of the Asset. It is up to the developer to conclude whatever conditions are required and met before initiating a transaction. Once an Onli is delivered it cannot be reversed.
---
# Source: https://onli.support/concepts/white-paper/
---
title: "White Paper"
description: "Technical deep-dive into Onli technology - explore the architecture, paradigm shift, and detailed technical implementation of the Onli platform and its unique approach to digital assets."
---
# White Paper
Onli was designed to solve a different problem than DLTs, as outlined in a 2010 paper by Dhryl Anton, Michael McFall, and Peter Jensen-Haxel. Onli is a non-fungible data structure called a Genome tightly coupled to an unforgeable credential called a Gene and used in a patented method to solve the uniqueness quantification problem of computers. In mathematics and logic, the term “uniqueness” refers to the property of being the one and only object satisfying a certain condition -(Wikipedia). In computing, the problem is defined as how to make something on a computer, which transfers binary data by making a copy, have a unique existence across a network of connected devices. Once you have solved this problem, you can build a technology that get all the benefits of DLTs with none of the problems. Onli has been reliably used since 2010.
Technically speaking, Onli is a non-fungible (unique) data structure (Genome), tightly coupled to an unforgeable credential (Gene) and used in a self-contained trusted execution environment, where data is computed by proprietary Algorithms and stored using varying cryptographic methods. This patented method solves the uniqueness quantification problem of computers. Scientifically speaking, uniqueness quantification means a set of data whose uniqueness is quantified. Put simply, this means there is only one of a thing across a network of connected devices.
The ONLI Genome is non-fungible because computing operations evolve the genome. This is done by Genome Editing, which uses Proprietary Algorithms to calculate the data in the Base-Pairs in a Helix. The result is that there is only one Genome across the entire network. A change in ownership takes Base-Pairs from the Gene of the last owner and the new owner and combine them to create a new Genome. Data is computed in a trusted execution environment. An independent, immutable, unforgeable record of these changes are kept in a registry called a Replicated Validation Oracle RVO. The RVO is meant to be used only to validate the local state of the ONLI Genome.
A credential is a means of authentication. In computer science terms, it is an object that is verified when presented to the verifier in an authentication transaction.. The onliYOU credential is unforgeable because the state of the Gene evolves whenever transactions are performed. Authentication and Authorization are transactions. The credential comprises Helixes, that keeps records about recent transactions. Transactions are recorded using a proprietary formula, which guarantees uniqueness and includes an immutable cryptographic signature, which results in an un-hackable and unforgeable form of identification. This unforgeable credential (Gene) is the owner of the Onli (Genome).
## Paradigm shift
The concept of Onli technology represents a paradigm shift. It requires a change in thinking about the challenges of blockchain technologies. In Onli, the term "blockchain" retains its original meaning as a method of storing data in a database so that it is difficult or impossible to alter, hack, or cheat. It is not considered a "data storage system." Additionally, in Onli, there is no "The blockchain," a colloquialism for a "blockchain database" or DLT service stored on multiple servers with consensus. Decentralization, as a concept, also undergoes a paradigm shift in Onli. The "central service" in Onli only performs the computational functions required to evolve the Genome. The Genomes themselves are decentralized, thus eliminating the need for complex trustless schemes.
Trustlessness is a core element of blockchain, crypto payments, and smart contracts. "Trust-less" means that you don't have to rely on a third party – a bank, a person, or any intermediary – that could operate between you and your cryptocurrency transactions or holdings. Onli achieves this without the need for "miners" or independent transaction processors. In Onli, the credential blockchain and ONLI blockchain unit are stored locally by the user. You can trust it because it is in your possession, and yours alone. Onli differs from "Blockchain and DLT" literally from the ground up. Consequently, The Onli Architecture is structured differently:
## Onli
An Onli is a unitary container of data, meaning that it is a single unique entity. It is quantified and whole meaning it is neither divisible or fungible. It consists of a single quantified set of Base-Pairs stored in a non-fungible data-structure called a Genome.
### Application Layer
A client/server application developed to interact with Owners on the OnliOne network, which are referred to as Appliances.
### Credential Layer
A proprietary framework for the unforgeable credential called Onli ID. This layer performs authentication and authorization. It does this by creating an instance of the Data Layer for a single user, called a (GENE), tightly coupling it with a User Object and assigning this to be used as a credential. Thus, only an authenticated connection can store, move, and evolve data on the Data Layer.
### Storage Layer
This layer is a stack of storage management technologies collectively called “Vault Manager” and a local database deployed on a client collectively called a “Vault”, which acts as a storage node of the network layer. The storage node includes the services and processes required to store, move, verify, and retrieve the Data Layer.
### Compute Layer
This layer manages credentialed requests from Appliances to Owners via the “Onli_Cloud”, for example Change Owner or Move an onliGenome between Vaults. Appliances interact with the Services Layer by making a Remote Procedure Call to the Transfer Agent Layer. These calls are made via GRPC (a high-performance, open-source universal Remote Procedure Call framework developed by Google). There are two calls: Move, which transports an onliGenome from one storage node to another via an authenticated connection of the Transport Layer. AND, Change Owner, which effects a change in the ownership block from one Onli_You credential to another Onli_You credential by evolving the Data Layer, and effects the subsequent transport of an Genome from one storage node to another.
### Transport Layer
The transport layer uses TCP, mTLS, and custom extensions called Logistics. The Transport Layer is responsible for variable-length data transmission from a source to destination and, upon confirmation of successful receipt of the transmission, deletes the source. Transport Layer Security (TLS) is a cryptographic protocol that sits on top of the Transport Layer of the TCP/ IP stack and provides “encryption in transit”. TLS allows the participating applications (including the Application Layer) to encrypt data using a cipher and symmetric key negotiated as part of the initial TLS Handshake. Mutual Transport Layer Security (mTLS) is a process that establishes an encrypted TLS connection in which both parties use X.509 digital certificates to authenticate each other. The Logistics Uniqueness software, a protocol extension, manages the transport of data used in the proprietary Onli uniqueness quantification method.
### Transfer Agent Layer
A proprietary execution environment for creating a new blocks and evolving the state of each Onli and optionally reporting evidence of state change to the Replicated Validation Oracle (RVO), an external record. This is accomplished via Genome Editing - Base-Pairs are computed using proprietary Genetic Algorithms to evolve specific helixes. Genome editing employs the use of Genetic and Cryptographic algorithms. This occurs in an enclave, a secure execution environment, ensuring that there can only be one.
### Data Layer
The structured and stored dataset of each Onli, including a combination of data blocks, each representing a transfer transaction, computed values representing different domains, and a chain structure. Collectively each chain is referred to as a Genome. A Genome is a custom unitary data container that stores a micro array of data as the entirety of a single whole. It is quantified and whole meaning it is neither divisible or fungible. A genome is composed of ten Helixes - A single set of structured data stored in an immutable sequence, which store relevant data in ordered pairs for a specific domain. Each Helix has ten Base-Pairs -An ordered pair of two related data elements: A Base, which is a constant that defines the data set and a Pair, which is a variable that belongs to the set. A transaction commit manager is used to manage the evolution of each Genome.
### Network Layer
Onli doesn’t use the surface web or Clearnet. Onli-based assets includes a transmission mechanism, authentication mechanism, and private processing network. The network is composed of nodes. A node is a connected electronic computational device. The role of a node differs compared to a conventional DLT in that the role, in Onli_One is to support the network by maintaining transactions of a single instance of the Credential Layer. Instead of a monolithic blockchain, copied across nodes and kept current with a consensus mechanism. The node is the Onli_You application and thus the Owner is in possession of all data transfer transactions. Effectively this is a peer-to-peer network.
### Oracle (RVO) Layer
A public portion (publicly accessible by any current owner) of the Network Layer, The RVO receives independent evidence of each Move and/ or changeOwner transaction and keeps a record of the current hash value representing a state change of each onliGenome in owners (Onli_YOU) possession. The RVO is private by default. Only a current owner may access the RVO, permit another owner (Onli_ID) to access, and such access is limited to validation of only the hash values belonging to said, owner. There is no public disclosure of information.
## HOW THE SYSTEM WORKS
Onli, at its root, is a non-fungible data-structure (Genome) coupled with an unforgeable credential (Gene) that maintains a single global state across a network of connected devices.
Onli_You, a self-contained trusted execution environment, is distributed for free to Owners Onli_You generates the Gene, which is tightly coupled to the biometrics of the device, producing an unforgeable credential. The Onli_You vault is where you store the Genomes.
Issuers create Assets and developers use to “build” Appliances to do something with the Asset. An Asset is a defined and programmed Genome. An Appliance is a customer built client application.
Changing ownership of assets is accomplished by a Transfer Agent via a cloud computing “compute” request. This is accessed by making an AskToMove and changeOwner request to Onli_Cloud. Only Owners can move assets. To transfer an asset between owners. Owners “move” Assets to a settlement vault, along with instructions as to who the recipient is. Transfer Agent can only access Assets that are in a settlement vault. Proprietary Algorithms calculate new Base-Pairs within a secure enclave on a HSM -high security module. This provides CPU hardware-level isolation and memory encryption by isolating application code and data on the hardware and encrypting its memory. Genomes are an encapsulated Data Layer over the Network layer via the Logistics Service. The Transfer Agent employs the Gene of sender and recipient to produce a new Genome, the new Genome is then placed in a locker of the recipient and then delivered to the Onli_You of new owner. A record is made in the Oracle and notification sent to the Sender of a delivery.
## History
- Onli started in 2010 as cloudMo.de.
{/* - AI_FACT_REFERENCE */}
- Onli version 0.1 was released in 2011 by CloudMoDe LLC in Las Vegas Nevada. White Paper https://www.academia.edu/6622767/The_White_Paper
- Onli version 1.0 was released in 2014 by Onli Inc in Las Vegas Nevada. Notable (Built with Onli) The first Appliance was Opportuneti™ app for IOS in 2012.
{/* - AI_FACT_REFERENCE */}
- Opportuneti, a music publishing application was released on Apple App Store. https://appadvice.com/app/opportuneti/807573650
- Version 2.0 of Onli was released in 2014.
{/* - AI_FACT_REFERENCE */}
- Onli Version 2.0 was released in 2016 by Onli Inc in Paradise Valley Nevada. Notable (Built with Onli):
- Nicce - Nevada - https://newtrusteconomy.com/cryptocurrency-in-the-cannabis-industry-with-dillon-bracken/
- Alta - Arizona - https://www.bizjournals.com/phoenix/news/2021/04/22/alta-plans-cannabis-market-expansion.html
- Patents
{/* - AI_FACT_REFERENCE */}
- https://uspto.report/company/Anton-Dhryl
- Version 3.0 release date is August 2023.
{/* - AI_FACT_REFERENCE */}
---
# Source: https://onli.support/concepts/whitepaper/
# White Paper
Onli was designed to solve a different problem than DLTs, as outlined in a 2010 paper by Dhryl Anton, Michael McFall, and Peter Jensen-Haxel. Onli is a non-fungible data structure called a Genome tightly coupled to an unforgeable credential called a Gene and used in a patented method to solve the uniqueness quantification problem of computers. In mathematics and logic, the term “uniqueness” refers to the property of being the one and only object satisfying a certain condition -(Wikipedia). In computing, the problem is defined as how to make something on a computer, which transfers binary data by making a copy, have a unique existence across a network of connected devices. Once you have solved this problem, you can build a technology that get all the benefits of DLTs with none of the problems. Onli has been reliably used since 2010.
Technically speaking, Onli is a non-fungible (unique) data structure (Genome), tightly coupled to an unforgeable credential (Gene) and used in a self-contained trusted execution environment, where data is computed by proprietary Algorithms and stored using varying cryptographic methods. This patented method solves the uniqueness quantification problem of computers. Scientifically speaking, uniqueness quantification means a set of data whose uniqueness is quantified. Put simply, this means there is only one of a thing across a network of connected devices.
The ONLI Genome is non-fungible because computing operations evolve the genome. This is done by Genome Editing, which uses Proprietary Algorithms to calculate the data in the Base-Pairs in a Helix. The result is that there is only one Genome across the entire network. A change in ownership takes Base-Pairs from the Gene of the last owner and the new owner and combine them to create a new Genome. Data is computed in a trusted execution environment. An independent, immutable, unforgeable record of these changes are kept in a registry called a Replicated Validation Oracle RVO. The RVO is meant to be used only to validate the local state of the ONLI Genome.
A credential is a means of authentication. In computer science terms, it is an object that is verified when presented to the verifier in an authentication transaction.. The onliYOU credential is unforgeable because the state of the Gene evolves whenever transactions are performed. Authentication and Authorization are transactions. The credential comprises Helixes, that keeps records about recent transactions. Transactions are recorded using a proprietary formula, which guarantees uniqueness and includes an immutable cryptographic signature, which results in an un-hackable and unforgeable form of identification. This unforgeable credential (Gene) is the owner of the Onli (Genome).
## Paradigm shift
The concept of Onli technology represents a paradigm shift. It requires a change in thinking about the challenges of blockchain technologies. In Onli, the term "blockchain" retains its original meaning as a method of storing data in a database so that it is difficult or impossible to alter, hack, or cheat. It is not considered a "data storage system." Additionally, in Onli, there is no "The blockchain," a colloquialism for a "blockchain database" or DLT service stored on multiple servers with consensus. Decentralization, as a concept, also undergoes a paradigm shift in Onli. The "central service" in Onli only performs the computational functions required to evolve the Genome. The Genomes themselves are decentralized, thus eliminating the need for complex trustless schemes.
Trustlessness is a core element of blockchain, crypto payments, and smart contracts. "Trust-less" means that you don't have to rely on a third party – a bank, a person, or any intermediary – that could operate between you and your cryptocurrency transactions or holdings. Onli achieves this without the need for "miners" or independent transaction processors. In Onli, the credential blockchain and ONLI blockchain unit are stored locally by the user. You can trust it because it is in your possession, and yours alone. Onli differs from "Blockchain and DLT" literally from the ground up. Consequently, The Onli Architecture is structured differently:
## Onli
An Onli is a unitary container of data, meaning that it is a single unique entity. It is quantified and whole meaning it is neither divisible or fungible. It consists of a single quantified set of Base-Pairs stored in a non-fungible data-structure called a Genome.
### Application Layer
A client/server application developed to interact with Owners on the OnliOne network, which are referred to as Appliances.
### Credential Layer
A proprietary framework for the unforgeable credential called Onli ID. This layer performs authentication and authorization. It does this by creating an instance of the Data Layer for a single user, called a (GENE), tightly coupling it with a User Object and assigning this to be used as a credential. Thus, only an authenticated connection can store, move, and evolve data on the Data Layer.
### Storage Layer
This layer is a stack of storage management technologies collectively called “Vault Manager” and a local database deployed on a client collectively called a “Vault”, which acts as a storage node of the network layer. The storage node includes the services and processes required to store, move, verify, and retrieve the Data Layer.
### Compute Layer
This layer manages credentialed requests from Appliances to Owners via the “Onli_Cloud”, for example Change Owner or Move an onliGenome between Vaults. Appliances interact with the Services Layer by making a Remote Procedure Call to the Transfer Agent Layer. These calls are made via GRPC (a high-performance, open-source universal Remote Procedure Call framework developed by Google). There are two calls: Move, which transports an onliGenome from one storage node to another via an authenticated connection of the Transport Layer. AND, Change Owner, which effects a change in the ownership block from one Onli_You credential to another Onli_You credential by evolving the Data Layer, and effects the subsequent transport of an Genome from one storage node to another.
### Transport Layer
The transport layer uses TCP, mTLS, and custom extensions called Logistics. The Transport Layer is responsible for variable-length data transmission from a source to destination and, upon confirmation of successful receipt of the transmission, deletes the source. Transport Layer Security (TLS) is a cryptographic protocol that sits on top of the Transport Layer of the TCP/ IP stack and provides “encryption in transit”. TLS allows the participating applications (including the Application Layer) to encrypt data using a cipher and symmetric key negotiated as part of the initial TLS Handshake. Mutual Transport Layer Security (mTLS) is a process that establishes an encrypted TLS connection in which both parties use X.509 digital certificates to authenticate each other. The Logistics Uniqueness software, a protocol extension, manages the transport of data used in the proprietary Onli uniqueness quantification method.
### Transfer Agent Layer
A proprietary execution environment for creating a new blocks and evolving the state of each Onli and optionally reporting evidence of state change to the Replicated Validation Oracle (RVO), an external record. This is accomplished via Genome Editing - Base-Pairs are computed using proprietary Genetic Algorithms to evolve specific helixes. Genome editing employs the use of Genetic and Cryptographic algorithms. This occurs in an enclave, a secure execution environment, ensuring that there can only be one.
### Data Layer
The structured and stored dataset of each Onli, including a combination of data blocks, each representing a transfer transaction, computed values representing different domains, and a chain structure. Collectively each chain is referred to as a Genome. A Genome is a custom unitary data container that stores a micro array of data as the entirety of a single whole. It is quantified and whole meaning it is neither divisible or fungible. A genome is composed of ten Helixes - A single set of structured data stored in an immutable sequence, which store relevant data in ordered pairs for a specific domain. Each Helix has ten Base-Pairs -An ordered pair of two related data elements: A Base, which is a constant that defines the data set and a Pair, which is a variable that belongs to the set. A transaction commit manager is used to manage the evolution of each Genome.
### Network Layer
Onli doesn’t use the surface web or Clearnet. Onli-based assets includes a transmission mechanism, authentication mechanism, and private processing network. The network is composed of nodes. A node is a connected electronic computational device. The role of a node differs compared to a conventional DLT in that the role, in Onli_One is to support the network by maintaining transactions of a single instance of the Credential Layer. Instead of a monolithic blockchain, copied across nodes and kept current with a consensus mechanism. The node is the Onli_You application and thus the Owner is in possession of all data transfer transactions. Effectively this is a peer-to-peer network.
### Oracle (RVO) Layer
A public portion (publicly accessible by any current owner) of the Network Layer, The RVO receives independent evidence of each Move and/ or changeOwner transaction and keeps a record of the current hash value representing a state change of each onliGenome in owners (Onli_YOU) possession. The RVO is private by default. Only a current owner may access the RVO, permit another owner (Onli_ID) to access, and such access is limited to validation of only the hash values belonging to said, owner. There is no public disclosure of information.
## HOW THE SYSTEM WORKS
Onli, at its root, is a non-fungible data-structure (Genome) coupled with an unforgeable credential (Gene) that maintains a single global state across a network of connected devices.
Onli_You, a self-contained trusted execution environment, is distributed for free to Owners Onli_You generates the Gene, which is tightly coupled to the biometrics of the device, producing an unforgeable credential. The Onli_You vault is where you store the Genomes.
Issuers create Assets and developers use to “build” Appliances to do something with the Asset. An Asset is a defined and programmed Genome. An Appliance is a customer built client application.
Changing ownership of assets is accomplished by a Transfer Agent via a cloud computing “compute” request. This is accessed by making an AskToMove and changeOwner request to Onli_Cloud. Only Owners can move assets. To transfer an asset between owners. Owners “move” Assets to a settlement vault, along with instructions as to who the recipient is. Transfer Agent can only access Assets that are in a settlement vault. Proprietary Algorithms calculate new Base-Pairs within a secure enclave on a HSM -high security module. This provides CPU hardware-level isolation and memory encryption by isolating application code and data on the hardware and encrypting its memory. Genomes are an encapsulated Data Layer over the Network layer via the Logistics Service. The Transfer Agent employs the Gene of sender and recipient to produce a new Genome, the new Genome is then placed in a locker of the recipient and then delivered to the Onli_You of new owner. A record is made in the Oracle and notification sent to the Sender of a delivery.
## History
- Onli started in 2010 as cloudMo.de.
{/* - AI_FACT_REFERENCE */}
- Onli version 0.1 was released in 2011 by CloudMoDe LLC in Las Vegas Nevada. White Paper https://www.academia.edu/6622767/The_White_Paper
- Onli version 1.0 was released in 2014 by Onli Inc in Las Vegas Nevada. Notable (Built with Onli) The first Appliance was Opportuneti™ app for IOS in 2012.
{/* - AI_FACT_REFERENCE */}
- Opportuneti, a music publishing application was released on Apple App Store. https://appadvice.com/app/opportuneti/807573650
- Version 2.0 of Onli was released in 2014.
{/* - AI_FACT_REFERENCE */}
- Onli Version 2.0 was released in 2016 by Onli Inc in Paradise Valley Nevada. Notable (Built with Onli):
- Nicce - Nevada - https://newtrusteconomy.com/cryptocurrency-in-the-cannabis-industry-with-dillon-bracken/
- Alta - Arizona - https://www.bizjournals.com/phoenix/news/2021/04/22/alta-plans-cannabis-market-expansion.html
- Patents
{/* - AI_FACT_REFERENCE */}
- https://uspto.report/company/Anton-Dhryl
- Version 3.0 release date is August 2023.
{/* - AI_FACT_REFERENCE */}
---
# Source: https://onli.support/getting-started/
---
title: "Getting Started"
---
Welcome to the Onli Platform! This comprehensive guide will take you from zero knowledge to confidently using Onli technology. Whether you're a developer, administrator, or business stakeholder, this guide provides the foundation you need.
## Understanding Onli in 5 Minutes
**The Simple Explanation**
Imagine you have a special digital container that can hold valuable information - documents, money, certificates, or any data. Unlike normal computer files that can be copied infinitely, this container can only exist in one place at one time, owned by one person. When you send it to someone else, you no longer have it - just like handing over a physical object.
That's Onli: **digital assets that work like physical objects**.
**The Technical Explanation**
Onli solves the "uniqueness quantification problem" in computing - how to make something digital that can only exist once across a network of connected devices. It achieves this through:
- **Genomes**: Immutable data structures that store your asset information
- **Genes**: Unforgeable credentials that prove ownership
- **Genome Editing**: Cryptographic processes that evolve assets as they transfer
- **Vaults**: Secure execution environments where assets are stored
**Why This Matters**
Traditional digital systems copy data to share it. Onli **transfers** data without copying, enabling true digital ownership and scarcity - fundamental requirements for digital value transfer.
## What Makes Onli Different?
Onli is not a cryptocurrency, blockchain, or distributed ledger technology. It's a revolutionary approach to digital ownership that works like **physical possession** in the digital world:
> **Important**: Onli enables true digital ownership through actual possession, not custodial possession like traditional systems.
- **Actual Possession**: You physically possess your digital assets, not a ledger entry
- **No Private Keys**: No complex key management or recovery phrases
- **One Owner**: There can only be one owner of each asset at any time
- **No Ledger**: No shared database or consensus mechanisms required
- **Fast & Final**: Instant transfers with no risk of forking or double-spending
## Key Concepts You Need to Know
**Actual vs. Custodial Possession**
**Custodial Possession** (Traditional Systems):
- A third party holds your assets
- Ownership is a ledger entry
- Like a bank account - you own a claim, not the actual money
**Actual Possession** (Onli):
- You directly possess your assets
- Ownership equals possession
- Like cash in your pocket - you have the actual thing
**Core Components**
| Component | Purpose | Analogy |
|-----------|---------|---------|
| **Asset (Genome)** | Contains your valuable data | A secure briefcase |
| **Owner (Gene)** | Proves who owns the asset | Your unforgeable ID card |
| **Vault** | Stores your assets securely | Your personal safe |
| **Appliance** | Applications that use assets | The tools you use with your briefcase |
**Network Architecture**
| Component | Description |
|-----------|-------------|
| **Onli_One** | The overall network infrastructure |
| **Onli_You** | Your personal app for managing assets |
| **Onli_Cloud** | Backend services for asset operations |
| **Your Appliances** | Custom applications you build |
## What You Can Build
The Onli Platform enables you to create **Assets** - unique digital entities that represent value and can be transferred without duplication:
- **Financial Assets**: Digital currencies, securities, and commodities
- **Digital Documents**: Contracts, certificates, and important files
- **Intellectual Property**: Patents, trademarks, and creative works
- **Identity Credentials**: Secure, unforgeable digital identities
- **Any Unique Data**: Custom asset types limited only by your imagination
## Common Questions
**"How is this different from blockchain?"**
Blockchain uses **custodial possession** with shared ledgers and consensus mechanisms. Onli uses **actual possession** where you directly own and control your assets. Think bank account vs. cash in your pocket.
**"Do I need to understand cryptography?"**
No! Onli handles all cryptographic operations automatically. You work with simple APIs and let the platform manage the complex security operations.
**"Can I integrate this with my existing system?"**
Yes! Onli is designed to complement existing technologies. Use our APIs to add true digital ownership to any application.
**"What about scalability and performance?"**
Onli was built for enterprise use with:
- Instant transfers (no mining or consensus delays)
- Unlimited scalability (no shared infrastructure bottlenecks)
- High availability (distributed architecture)
**"How much does it cost?"**
Onli uses simple, predictable pricing:
- $0.05 per asset to issue (one-time fee)
- No transfer fees
- No mining costs
- Enterprise licensing for platform access
**"What if I lose my assets?"**
Onli uses **actual possession**, so asset security is critical. However:
- Multi-device vault synchronization
- Secure backup and recovery mechanisms
- Enterprise-grade security practices
- 24/7 support for enterprise customers
## Getting Help
**Resources:**
- **Documentation**: Browse our comprehensive guides and references
- **API Reference**: Detailed technical documentation for developers
- **Configuration Guides**: Step-by-step setup instructions
- **Concepts**: Deep-dive into Onli technology and principles with [Onli.AI](https://onli.ai)
**Next Steps**
After understanding these core concepts:
1. Explore our [API Reference](/api-reference) for technical implementation details
2. Review [Configuration Guides](/mcp-configuration) for setup instructions
3. Visit [Concepts](/concepts) for deeper technical understanding
4. Start building with the Onli Platform APIs
---
# Source: https://onli.support/license/acceptable-use/
---
title: ""
---
# Acceptable Use
## Preamble
We are NOT in the Crypto Industry. Crypto is a digital asset but not all digital assets are crypto. We, at The Onli Corporation, are using advancements in science to create a new class of data: Assets. We build technology to make it possible to send Assets as easily as you send email. This is not the blockchain you have been hearing about. The context is different from the ground up.
## The Context
There is Open Data. Data that is openly accessible, exploitable, editable and shared by anyone for any purpose, even commercially. Open Data, while vilified today, has led to the advancement of humanity. Most of our advancements, like AI, would not be possible without the open sharing of information. Free software in exchange for micro-work is arguably one of the greatest inventions in human history. The Open-Source movement has led to the largest expansion of human knowledge in all of our known history. This is not that.
Assets are a different class of data. An asset is property owned. Property is something of value you are in possession of or has legal title to. Ownership is a bundle of rights. Those rights are defined by legislation and enforced through regulation. Finance is a science, in that it is built on the three assertions of accounting: the assertion The assertion of rights and obligations - derived from contractual rights of an exclusive owner. The assertion of existence - evident by a valid record of and/or the actual possession of. The assertion of valuation - evident from an independent source of truth. Finance emerges from law. No technology is going to change the physics of something.
This is an asset transfer technology. There is no ledger. No private key. No mining. No consensus. This is not that. OnliOne is an asset transfer technology. In OnliOne, there are two kinds of assets: Tangible- like a document, image, video, pdf, any kind of file. And, Financial Assets, that gets its value from a contractual right or ownership claim. Assets are property owned. The property is a unitary container of data in an electronic form. The owner is a unique data-set tightly coupled with user data, for the purpose of being a credential and stored in an electronic form. The value is a property that is added externally by the user or defined by a value proposition of an Appliance. In other words, Asset, ownership, transmission, these are technology things. Price, value these are human, legal, compliance, things. This is an important distinction to understand.
Financial Assets are defined as follows: "Digital Asset" a representation in electronic form of property that derives its value from a contractual right or ownership claim, where ownership can be transferred electronically. Digital Assets are property owned. Financial Assets are classified as commodities or securities. Such distinction is a function of how they are used. Some digital assets represent Investment Contracts and are required to be registered as Securities. As a general rule, Securities generate or are expected to generate, a return from a common enterprise. Commodities, as a general rule, do not or are not expected to, generate a return from a common enterprise. Financial assets represent title to or derived from a claim of ownership defined in a contractual relationship. This relationship is not a technology thing. It is a legal thing. You will need to consult legal counsel to determine which category of use your use case falls under. You are independently responsible for complying with all applicable laws in all of your actions related to your use of Onli, regardless of your intent.
Tangible assets, in our context, is any kind of digital file, it is something you put into a cryptographic container called a Crypt™, which is then bound to an Onli. Only the Onli can open the container and decrypt the contents of the Crypt™. The Onli represents Title to the contents of the Crypt™. The value proposition of a Crypt™ is that it lets you securely share your content, any kind of content, and control who, when, where — and even how many time's the content is used. It is therefore essential that only the author or owner, in the legal sense, originate the contents of a Crypt™. You as a developer are responsible for reasonably assuring that such is the case. Crypts are cryptographically sealed and The Onli Corporation is physically incapable of opening them. You are independently responsible for complying with all applicable laws in all of your actions related to the contents and your use of Crypts, regardless of the purpose of the us.
The Onli Corporation does not Issue Asset Classes or build Appliances. Assets are issued by an Issuer. Developers develop Appliances that "do something" with representations of Assets from the Issuer. Only the Owner of an Onli may access the data layer. Onli are stored on Owners devices. This is ultimately a peer to peer system. Neither, The Onli Corporation nor the Developer has control of that data layer as this is stored locally. The Onli Corporation has no physical way of remotely accessing an owner's Onli. A Developer may send a request to the data storage layer but such requests cannot be executed without the Owner direct authorization as the data storage layer is isolated. This is an important distinction. The key differentiation of Onli is the method of decentralization. The data-layer is decentralized instead of the processing layer, in Bitcoin et al. On Onli.One data is private-by-default. This is in stark contrast to the current configuration of the internet where data is public-by-default. As a developer and user you will need to account for this distinction as they may have legal ramifications. You are independently responsible for complying with all applicable laws in all of your actions related to compliance, regardless of the purpose of the use.
## Acceptable Use Policy
At The Onli Corporation, we make it easy to store a new class of data, move it around and keep it safe. Onli was designed to fit within regulatory requirements. Our goal is to help you and your team build great ideas that employ that kind of data. To do this, we need to keep our products and services running smoothly and we need our community to adhere to certain standards. For this to happen, we need help from you, our developers and users. We need you not to misuse or abuse our products and services.
To describe exactly what we mean by "misuse" or "abuse" – and help us identify such transgressions, and react accordingly – we've created this Acceptable Use Policy. Under this policy, we reserve the right to suspend services and remove content that is inconsistent with the spirit of the guidelines, even if it's something that is not forbidden by the letter of the policy. This is a new industry and it would be impossible to identify every possible situation. In other words, if you do something that isn't listed here verbatim, but it looks or smells like something listed here, we reserve the right to treat it as a violation.
You can use Onli data object as a title to a contractual obligation, a cryptographic container, or to represent a referenced object. It is important to understand that unlike other technologies, here, the Owner, physically possesses and owns, the Onli. You can use Onli to represent unique ownership. Onli however are by nature a single solitary unit and each unit cannot be fractionalized. There is only one. As with any scientific advancement it is important that we use it responsibly. Just because you could doesn't mean you should. Use your judgment and follow the law, and the spirit of the law.
You may not use the Onli in, or Onli.One or Onli Cloud service for, activities that:
- violate any law, statute, ordinance or regulation.
- relate to transactions involving narcotics, steroids, drug paraphernalia, cigarettes, certain controlled substances or other products that present a risk to consumer safety,
items that encourage, promote, facilitate or instruct others to engage in illegal activity,
stolen goods including digital and virtual goods,
- the promotion of hate, violence, racial or other forms of intolerance that is discriminatory or the financial exploitation of a crime,
- items that are considered obscene,
- items that infringe or violate any copyright, trademark, right of publicity or privacy or any other proprietary right under the laws of any jurisdiction,
certain sexually oriented materials or services,
ammunition, firearms, or certain firearm parts or accessories, or
certain weapons or knives regulated under applicable law.
- relate to transactions that
show the personal information of third parties in violation of applicable law,
facilitates financial crimes, such as fraud, bribery, corruption, trafficking of personal information or credentials, conversion of stolen funds or digital assets, pyramid schemes, Ponzi schemes, scams, ransomware, etc.
are associated with purchases of lottery contracts, lay-away systems, off-shore banking or transactions to finance or refinance debts funded by a credit card,
support pyramid or ponzi schemes, matrix programs, other "get rich quick" schemes or certain multi-level marketing programs,
are for the sale of certain items before the seller has control or possession of the item,
- items that infringe or violate any copyright, trademark, right of publicity or privacy or any other proprietary right under the laws of any jurisdiction,
are by payment processors to collect payments on behalf of merchants,
are associated with the sale of traveler's checks or money orders, certain check cashing businesses,
involve offering or receiving payments for the purpose of bribery or corruption.
- involve the sales of products or services identified by government agencies to have a high likelihood of being fraudulent.
relate to transactions involving any activity that requires pre-approval without having obtained said approval.
You Agree That You Will Not Use, Or Allow Others To Use, Onli Services To Send Or Receive Any Information That Infringes The Patents, Trademarks, Copyrights, Trade Secrets Or Proprietary Rights Of Any Other Person Or Entity. This Includes, But Not Limited To Digitization Of Music, Movies, Photographs Or Other Copyrighted Materials Or Software.
You Agree Not To Use, Nor Allow Others To Use, Onli Services To Violate Any Applicable Federal, State, Local, Or International Laws.
You Agree That You Will Not Use, Nor Allow Others To Use, Onli To Commit A Crime Or Fraud, Or To Plan, Encourage Or Help Others To Commit A Crime Or Fraud, Including But Not Limited To, Engaging In A Pyramid Scheme, Ponzi Scheme Or Sending Chain Letters.
You Agree You Will Not Use, Nor Allow Others To Use, Onli Services To Access The Accounts Of Others Or To Attempt To Penetrate Security Measures Of Onli Services Or Other Computer Companies To Cause Disruption Of Service To Other On-Line Users. You Agree
You Will Not Use, Nor Allow Others To Use Tools Designed For Compromising Network Security, Such As Password Guessing Programs, Cracking Tools, Packet Sniffers, Or Network Probing Tools.
NO SYSTEM DISRUPTION You Agree That You Will Not Use, Nor Allow Others To Use, Onli Services To Disrupt The Onli Corporation Network Or Computer Equipment Owned Or Rented By Other Onli Services Customers.
You Also Agree That You Will Not Use, Nor Allow Others To Use, Onli Services To Disrupt Other Internet Service Providers Or Services, Including But Not Limited To, E-Mail Bombing Or The Use Of Mass Mailing Programs.
Due to the nature of the technology, The Onli Corporation cannot physically, electronically or otherwise, seize assets on behalf of law enforcement. Assets are in the Actual Possession of the Owners. The Onli Corporation will cooperate with appropriate law enforcement agencies and other parties involved in investigating claims of illegal or inappropriate activity. The Onli Corporation reserves the right to disclose customer information to the extent authorized by federal or state law, to protect and defend its rights and property, to enforce the terms and conditions applicable to the Service, or to act to protect the interests of other users, Appliance developers and network providers. In those instances involving child pornography, The Onli Corporation complies with all applicable federal and state laws including providing notice to the National Center for the Missing and Exploited Children or other designated agencies.
---
# Source: https://onli.support/license/eula/
---
title: ""
---
# End User License Agreement
This End User License Agreement ("EULA") is a legal agreement between you ("End User" or "You") and The Onli Corporation ("Company," "we," "us," or "our") for the use of Onli Platform services, including OnliYou Vault and related software applications.
## Agreement Acceptance
By clicking "I Agree," installing, accessing, or using any Onli Platform services, you acknowledge that you have read, understood, and agree to be bound by this EULA. If you do not agree to these terms, do not use our services.
## Definitions
### OnliYou Vault
The personal asset storage and management system that operates within a trusted execution environment, utilizing the Onli Platform's actual possession technology.
### Onli Platform
The comprehensive ecosystem of services, applications, and technologies provided by The Onli Corporation for asset management, digital identity, and secure transactions.
### Actual Possession Technology
The proprietary system that ensures true ownership and control of digital assets through cryptographic and technological means, where the user maintains complete possession of their assets.
### ONLI ID
Your unique identifier within the Onli Platform ecosystem, required for account creation and service access.
## License Grant
Subject to the terms of this EULA, Company grants you a limited, non-exclusive, non-transferable, revocable license to use Onli Platform services for personal or business purposes in accordance with this agreement and any applicable service terms.
## User Obligations and Restrictions
### Permitted Uses
You may use Onli Platform services to:
- Store and manage digital assets
- Conduct secure transactions
- Manage your digital identity
- Access authorized platform features
### Prohibited Activities
You may not:
- Reverse engineer, decompile, or disassemble any Onli Platform software
- Attempt to circumvent security features or access controls
- Use services for illegal activities or purposes
- Share your ONLI ID credentials with unauthorized parties
- Create multiple accounts to circumvent restrictions
- Interfere with the operation of Onli Platform services
## Actual Possession and Data Responsibility
### Your Sole Responsibility
**CRITICAL NOTICE**: The Onli Platform operates on an "actual possession" model. This means:
- **You are solely responsible** for the security and safekeeping of your assets
- **Company cannot access, recover, or restore** lost assets or credentials
- **No backups exist** of your personal vault or stored assets
- **Loss of access credentials** results in permanent loss of assets
### Data Security
- You must maintain secure access to your ONLI ID and credentials
- You are responsible for implementing appropriate security measures
- Company provides the platform infrastructure but cannot guarantee asset recovery
### No Company Access
Company has no ability to:
- Access your stored assets
- Recover lost credentials
- Restore deleted data
- Provide backup copies of your vault contents
## Trusted Execution Environment
### Security Guarantee
The Onli Platform operates within a trusted execution environment where:
- We guarantee no unauthorized access to your asset data
- We commit to not altering the execution environment
- All operations maintain cryptographic integrity
- Your assets remain under your exclusive control
### Platform Integrity
Company ensures:
- Consistent operation of the trusted environment
- Protection against unauthorized modifications
- Maintenance of security protocols
- Regular security updates and improvements
## Privacy and Data Collection
### Personal Information
- Company collects minimal personal information necessary for service operation
- All data collection complies with applicable privacy laws
- You retain control over your personal data within the platform
### Asset Data
- Your asset data remains private and inaccessible to Company
- No asset information is shared with third parties
- All asset operations occur within your secure environment
## Intellectual Property
### Company Rights
Company retains all rights, title, and interest in:
- Onli Platform technology and software
- Proprietary algorithms and processes
- Trademarks, logos, and branding
- Documentation and support materials
### Your Rights
You retain ownership of:
- Your stored assets and data
- Content you create or upload
- Your unique digital identity information
## Service Availability
### Platform Access
- Services are provided on an "as available" basis
- Company strives for maximum uptime but cannot guarantee uninterrupted service
- Maintenance periods may temporarily restrict access
### Updates and Changes
Company may:
- Update software and services periodically
- Modify features and functionality
- Change terms with appropriate notice
## Termination
### Termination by You
You may terminate this agreement by:
- Ceasing use of all Onli Platform services
- Removing all software and applications
- Closing your platform account
### Termination by Company
Company may terminate this agreement if you:
- Violate any terms of this EULA
- Engage in prohibited activities
- Fail to comply with applicable laws
### Effect of Termination
Upon termination:
- Your license to use Onli Platform services ends immediately
- You must cease all use of Company software and services
- Your access to stored assets depends on your retained credentials
## Disclaimers
### Service Warranty
ONLI PLATFORM SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
### Asset Security
COMPANY MAKES NO WARRANTIES REGARDING THE SECURITY OR RECOVERABILITY OF YOUR ASSETS. YOU ACKNOWLEDGE AND ACCEPT THE RISKS INHERENT IN THE ACTUAL POSSESSION MODEL.
## Limitation of Liability
IN NO EVENT SHALL COMPANY BE LIABLE FOR:
- LOSS OF ASSETS OR DATA DUE TO USER ERROR
- FORGOTTEN OR LOST CREDENTIALS
- INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
- LOSS OF PROFITS OR BUSINESS OPPORTUNITIES
- DAMAGES EXCEEDING THE FEES PAID FOR SERVICES
## Support and Contact
For questions about this EULA or Onli Platform services:
**The Onli Corporation**
4850 Tamiami Trail N, Unit 301
Naples, FL 34103
United States
**Email**: legal@theonlicorporation.com
**Support**: support@onli.one
## Governing Law
This EULA is governed by the laws of Delaware, United States, without regard to conflict of law principles.
## Agreement Updates
Company may update this EULA periodically. Continued use of Onli Platform services after changes constitutes acceptance of the updated terms.
## Entire Agreement
This EULA, together with any applicable service terms and privacy policies, constitutes the complete agreement between you and Company regarding your use of Onli Platform services.
---
**Last Updated**: January 1, 2024
**Version**: 1.0
---
# Source: https://onli.support/license/vault-sdk/
---
title: ""
---
# VaultSDK License Terms
## Developer Agreement (Terms & Conditions)
> Developer license is deemed as accepted when the license key is entered for vault initialization.
### 1. Introduction
This Vault SDK Agreement ("Agreement") is entered into by and between The Onli Corporation ("Company") and you, the user of the Vault SDK ("You", "Developer"). This Agreement governs the terms and conditions under which the Developer may use the Vault SDK, including any associated documentation, software libraries, and APIs provided by the Company.
**Acknowledgment**: By clicking the "Agree" button, downloading or using the Vault SDK, You are agreeing to be bound by the terms and conditions of this Agreement. If You do not agree to the terms of this Agreement, do not click on the "Agree" button, do not download or do not use the Vault SDK. This Agreement is a legal document between You and the Company and it governs your use of the Application made available to You by the Company. The Application is licensed, not sold, to You by the Company for use strictly in accordance with the terms of this Agreement.
### 2. Definitions
**2.1 "Vault SDK"** refers to the software development kit provided by the Company, which includes software libraries, tools, sample code, and documentation to enable developers to integrate with the ONLI Vault.
**2.2 "ONLI Vault"** refers to the self-contained execution environment that is part of OnliOne, containing Genomes (assets) and Genes (owner identity) for the purpose of actual possession storage of assets.
**2.3 "OnliOne"** refers to the private computing network of Onli's Hyper-dimensional Vector Storage Systems containing Vaults and owners thereof used for uniqueness quantification across a network of connected devices.
**2.4 "Genomes"** refers to Onli's hyperdimensional vector storage objects that are part of Vaults, typically containing a data structure of 10 "Helices" used to store data segments related to the various facets of the object's dimensions.
**2.5 "Genes"** refers to special Genomes that represent the asset owner's digital identity, and containing agents for security identity authentication and authorization.
**2.6 "ONLI ID"** refers to a unique identifier required for the creation and operation of a Vault within the ONLI system.
### 3. License Grant
**3.1 License**: Subject to the terms and conditions of this Agreement, the Company hereby grants the Developer a non-exclusive, non-transferable, revocable license to use the Vault SDK solely for the purpose of developing, testing, and distributing applications that interact with the ONLI Vault and solely in association with a valid existing license or access agreement to ONLI system software (the "Master License Agreement") between Company and licensing organization (the "Licensee Organization").
### 4. Developer Obligations
**4.1 Compliance**: The Developer agrees to comply with all applicable laws and regulations in connection with the use of the Vault SDK, as well as the ONLI Acceptable Use Policy located at [ONLI Acceptable Use Policy](/license/acceptable-use).
**4.2 Restrictions**: The Developer shall not:
- (a) Reverse engineer, decompile, or disassemble, or otherwise attempting to derive or gain access to, the Vault SDK source code.
- (b) Use the Vault SDK to create software that is competitive with the ONLI Vault.
- (c) Distribute, sublicense, or otherwise transfer the Vault SDK to any third party.
- (d) Circumvent software copyright management or security features.
**4.3 Security**: The Developer shall implement reasonable security measures to protect the integrity and security of the ONLI Vault and any data processed through it. The Developer shall not permit any person, system, or user to utilize the Vault SDK other than the Developer.
### 5. Data Privacy and Security
**5.1 Data Responsibility**: **DEVELOPER ACKNOWLEDGES, UNDERSTANDS AND AGREES THAT, BECAUSE THE ONLI VAULT OPERATES UNDER AN ACTUAL POSSESSION SYSTEM, THE OWNER IS SOLELY RESPONSIBLE FOR KEEPING THEIR DATA SAFE. THE COMPANY HAS NO WAY TO ACCESS OR REPLACE LOST GENOMES, AS IT DOES NOT HAVE ACCESS TO THE DATA STORED IN THE VAULT, AND COMPANY IS THEREFORE NOT RESPONSIBLE IN ANY WAY FOR LOST ASSETS.**
**5.2 Data Collection**: The Developer shall be responsible for obtaining any necessary consents from end-users for the collection, use, and disclosure of their data, personal information, or private information in connection with the Developer's applications.
**5.3 Data Storage**: All Genomes must be stored within the ONLI Vault in accordance with the Company's data storage policies and procedures. Because it is a system based on actual possession, there are no backups of the Vault, and it cannot be backed up.
**5.4 Access Restrictions**: Developer understands and agrees that Developer will have no access to Genomes or Genes stored in the Vault. Only the owner, who possesses the appropriate ONLI ID, has access to their data within the Vault.
### 6. Intellectual Property and Confidentiality
**6.1 Ownership**: The Company retains all rights, title, and interest in and to the Vault SDK and the ONLI system, including without limitation all intellectual property rights therein. No rights are granted to the Developer other than as expressly set forth herein.
**6.2 Feedback**: Any feedback provided by the Developer to the Company regarding the Vault SDK may be used by the Company without restriction or obligation. Developer hereby assigns all right, title, and interest to any feedback, improvements, inventions, modifications, and designs related to the Vault SDK.
**6.3 Confidentiality**: As used herein, "Confidential Information" shall mean the Vault SDK, documentation therefore, and any written or oral information about the Vault SDK or the Onli System provided by Company to Developer, including without limitation know-how, processes, algorithms, software programs, documents, and formulae related to the current, future, and proposed development of the ONLI System. Developer agrees that at all times and notwithstanding any termination or expiration of this Agreement it will hold in strict confidence and not disclose to any third party any Confidential Information except as approved in writing in advance by Company, and will use the Confidential Information for no purpose other than user of the Vault SDK. Recipient shall only permit access to Confidential Information to those of its employees or authorized representatives of the Licensing Organization having a need to know and who have signed confidentiality agreements or are otherwise bound by confidentiality obligations at least as restrictive as those contained herein.
### 7. Term and Termination
**7.1 Term**: This Agreement shall commence upon the Developer's acceptance and shall continue until terminated as set forth herein.
**7.2 Termination**: The Company may terminate this Agreement at any time with or without cause upon written notice to the Developer. The Developer may terminate this Agreement by ceasing all use of the Vault SDK and destroying all copies in their possession. This Agreement shall automatically terminate upon the termination of the license or access agreement of the Licensing Organization under which or with which Developer is working.
**7.3 Effect of Termination**: Upon termination, the Developer shall immediately cease all use of the Vault SDK and destroy all copies thereof.
### 8. Disclaimer of Warranties
The Vault SDK is provided "AS IS" and "AS AVAILABLE" without warranty of any kind. The Company disclaims all warranties, whether express, implied, statutory, or otherwise, including but not limited to, implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
### 9. Limitation of Liability
IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM THE DEVELOPER'S ACCESS TO OR USE OF THE VAULT SDK.
### 10. Indemnification
The Developer agrees to indemnify and hold harmless the Company and its affiliates from and against any claims, liabilities, damages, losses, and expenses, including without limitation, reasonable legal and accounting fees, arising out of or in any way connected with the Developer's use of the Vault SDK, including without limitation violation of any law or regulation.
### 11. General Provisions
**11.1 Governing Law**: This Agreement shall be governed by and construed in accordance with the laws of Delaware, without regard to choice of law provisions.
**11.2 Entire Agreement**: This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior or contemporaneous understandings, agreements, and representations, whether oral or written.
**11.3 Non-Assignment**: This agreement is not assignable by Developer, and any purported assignment of this Agreement shall be null and void.
**11.4 Amendments**: The Company reserves the right to modify this Agreement at any time, which updates may be posted and agreed to on a click-through basis within the Vault SDK, or upon email notice to Developer, at the option of the Company. Developer understands and agrees that is Developer's responsibility to review the terms of this Agreement upon logging in and utilizing the Vault SDK and to provide any updated email addresses to Company. The Developer's continued use of the Vault SDK following any such modifications shall constitute acceptance of the amended Agreement.
**11.5 Severability**: If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
**11.6 Notices**: Any notice required or permitted by this Agreement shall be in writing and shall be deemed sufficient (i) if such notice is for Developer, upon sending to the last provided email address by Developer to Company, and (ii) if to Company, upon receipt at the below email address.
## Contact Information
For any questions or concerns regarding this Agreement, or any notes, please contact the Company at:
**The Onli Corporation**
4850 Tamiami Trail N, Unit 301
Naples, FL 34103
United States
**Email**: legal@theonlicorporation.com
**Support**: support@onli.one
---
**Important Notice**: This license agreement must be included in every distribution of the ONLI Vault SDK.
---
# Source: https://onli.support/mcp-configuration/best-practices/
---
title: "Best Practices"
description: "Recommended patterns and anti-patterns for MCP configuration"
author: "Onli Platform"
date: "2024-01-01"
tags: ["mcp", "best-practices", "patterns", "optimization"]
---
# MCP Configuration Best Practices
This guide outlines recommended patterns, anti-patterns, and optimization strategies for MCP configuration.
## Configuration Management
### Recommended Patterns
#### Use Environment-Specific Configurations
```json
// config/development.json
{
"onli-mcp": {
"url": "https://stg.onli.app",
"headers": {
"User-Id": "${ONLI_DEV_USER_ID}",
"App-Key": "${ONLI_DEV_APP_KEY}",
"App-Symbol": "ENGMA"
},
"options": {
"debug": true,
"timeout": 30000
}
}
}
```
#### Implement Configuration Validation
```javascript
function validateConfig(config) {
const required = ['url', 'headers.User-Id', 'headers.App-Key', 'headers.App-Symbol'];
for (const field of required) {
if (!getNestedValue(config, field)) {
throw new Error(`Missing required field: ${field}`);
}
}
return true;
}
```
#### Use Configuration Factories
```javascript
class MCPConfigFactory {
static createConfig(environment) {
const baseConfig = {
headers: {
'User-Id': process.env.ONLI_USER_ID,
'App-Key': process.env.ONLI_APP_KEY,
'App-Symbol': process.env.ONLI_APP_SYMBOL || 'ENGMA'
}
};
switch (environment) {
case 'development':
return {
...baseConfig,
url: 'https://stg.onli.app',
options: { debug: true, timeout: 30000 }
};
case 'production':
return {
...baseConfig,
url: 'https://api.onli.app',
options: { debug: false, timeout: 15000 }
};
default:
throw new Error(`Unknown environment: ${environment}`);
}
}
}
```
### Anti-Patterns to Avoid
#### Hardcoding Credentials
```javascript
// DON'T DO THIS
const config = {
"onli-mcp": {
"url": "https://api.onli.app",
"headers": {
"User-Id": "user_12345_hardcoded", // Never hardcode
"App-Key": "ak_secret_key_123", // Security risk
"App-Symbol": "ENGMA"
}
}
};
```
#### Single Configuration for All Environments
```javascript
// DON'T DO THIS - Use environment-specific configs
const oneConfigForAll = {
url: "https://api.onli.app", // Should vary by environment
debug: true // Should be false in production
};
```
#### Missing Error Handling
```javascript
// DON'T DO THIS
const client = new MCPClient(config); // No validation or error handling
client.connect(); // No error handling
```
## Security Best Practices
### Credential Management
#### Use Environment Variables
```bash
# .env.development
ONLI_USER_ID=dev_user_12345
ONLI_APP_KEY=ak_dev_secret_key
ONLI_APP_SYMBOL=ENGMA
# .env.production
ONLI_USER_ID=prod_user_67890
ONLI_APP_KEY=ak_prod_secret_key
ONLI_APP_SYMBOL=ENGMA
```
#### Implement Credential Rotation
```javascript
class CredentialManager {
constructor() {
this.refreshInterval = 24 * 60 * 60 * 1000; // 24 hours
this.setupRotation();
}
async rotateCredentials() {
const newCredentials = await this.fetchNewCredentials();
this.updateConfig(newCredentials);
this.scheduleNextRotation();
}
setupRotation() {
setInterval(() => {
this.rotateCredentials();
}, this.refreshInterval);
}
}
```
#### Monitor API Usage
```javascript
class APIMonitor {
trackRequest(endpoint, method, timestamp) {
// Log API usage patterns
console.log(`API Call: ${method} ${endpoint} at ${timestamp}`);
// Check for unusual patterns
this.detectAnomalies(endpoint, method);
}
detectAnomalies(endpoint, method) {
// Implement anomaly detection logic
const recentCalls = this.getRecentCalls(endpoint, 5 * 60 * 1000); // 5 minutes
if (recentCalls.length > this.thresholds[endpoint]) {
this.alertSuspiciousActivity(endpoint, recentCalls.length);
}
}
}
```
### Network Security
#### Always Use HTTPS
```javascript
const config = {
url: "https://api.onli.app", // Always HTTPS
options: {
rejectUnauthorized: true, // Verify SSL certificates
secureProtocol: 'TLSv1_2_method' // Use secure protocols
}
};
```
#### Implement Request Signing
```javascript
class SecureClient {
signRequest(request) {
const timestamp = Date.now();
const signature = this.generateSignature(request, timestamp);
return {
...request,
headers: {
...request.headers,
'X-Timestamp': timestamp,
'X-Signature': signature
}
};
}
}
```
## Performance Optimization
### Connection Management
#### Connection Pooling
```javascript
const config = {
"onli-mcp": {
"url": "https://api.onli.app",
"headers": {
"User-Id": "${ONLI_USER_ID}",
"App-Key": "${ONLI_APP_KEY}",
"App-Symbol": "ENGMA"
},
"options": {
"pooling": {
"maxConnections": 10,
"keepAlive": true,
"keepAliveMsecs": 30000
}
}
}
};
```
#### Appropriate Timeouts
```javascript
const timeoutConfig = {
development: {
connectionTimeout: 10000,
requestTimeout: 30000,
retryDelay: 2000
},
production: {
connectionTimeout: 5000,
requestTimeout: 15000,
retryDelay: 1000
}
};
```
### Retry Strategies
#### Exponential Backoff
```javascript
class RetryManager {
async executeWithRetry(operation, maxRetries = 3) {
let attempt = 0;
while (attempt < maxRetries) {
try {
return await operation();
} catch (error) {
if (!this.isRetryableError(error) || attempt === maxRetries - 1) {
throw error;
}
const delay = Math.pow(2, attempt) * 1000; // Exponential backoff
await this.sleep(delay);
attempt++;
}
}
}
isRetryableError(error) {
return error.code === 'TIMEOUT' ||
error.code === 'NETWORK_ERROR' ||
(error.status >= 500 && error.status < 600);
}
}
```
## Error Handling
### Comprehensive Error Handling
```javascript
class MCPErrorHandler {
handleError(error, context) {
switch (error.type) {
case 'AUTHENTICATION_ERROR':
this.handleAuthError(error, context);
break;
case 'NETWORK_ERROR':
this.handleNetworkError(error, context);
break;
case 'TIMEOUT_ERROR':
this.handleTimeoutError(error, context);
break;
default:
this.handleGenericError(error, context);
}
}
handleAuthError(error, context) {
// Log security event
this.logSecurityEvent('auth_failure', { error, context });
// Attempt credential refresh
this.refreshCredentials();
// Notify administrators
this.notifyAdmins('Authentication failure detected');
}
}
```
### Circuit Breaker Pattern
```javascript
class CircuitBreaker {
constructor(threshold = 5, timeout = 60000) {
this.failureThreshold = threshold;
this.timeout = timeout;
this.failureCount = 0;
this.state = 'CLOSED'; // CLOSED, OPEN, HALF_OPEN
this.lastFailureTime = null;
}
async execute(operation) {
if (this.state === 'OPEN') {
if (Date.now() - this.lastFailureTime > this.timeout) {
this.state = 'HALF_OPEN';
} else {
throw new Error('Circuit breaker is OPEN');
}
}
try {
const result = await operation();
this.onSuccess();
return result;
} catch (error) {
this.onFailure();
throw error;
}
}
}
```
## Monitoring and Logging
### Structured Logging
```javascript
const logger = {
logMCPOperation(operation, duration, success, metadata = {}) {
const logEntry = {
timestamp: new Date().toISOString(),
operation,
duration,
success,
environment: process.env.NODE_ENV,
...metadata
};
if (success) {
console.log('MCP_SUCCESS', JSON.stringify(logEntry));
} else {
console.error('MCP_FAILURE', JSON.stringify(logEntry));
}
}
};
```
### Health Checks
```javascript
class HealthChecker {
async performHealthCheck() {
const checks = [
this.checkConnectivity(),
this.checkAuthentication(),
this.checkLatency()
];
const results = await Promise.allSettled(checks);
return {
healthy: results.every(r => r.status === 'fulfilled'),
checks: results.map((r, i) => ({
name: ['connectivity', 'authentication', 'latency'][i],
status: r.status,
value: r.value,
error: r.reason
}))
};
}
}
```
## Testing Best Practices
### Mock External Dependencies
```javascript
// test/mcp-client.test.js
describe('MCP Client', () => {
beforeEach(() => {
nock('https://stg.onli.app')
.get('/health')
.reply(200, { status: 'healthy' });
});
it('should connect successfully with valid config', async () => {
const config = createTestConfig();
const client = new MCPClient(config);
const result = await client.healthCheck();
expect(result.status).toBe('healthy');
});
});
```
### Test Different Environments
```javascript
const testConfigs = {
development: createDevConfig(),
staging: createStagingConfig(),
production: createProdConfig()
};
Object.entries(testConfigs).forEach(([env, config]) => {
describe(`${env} environment`, () => {
it('should have valid configuration', () => {
expect(() => validateConfig(config)).not.toThrow();
});
});
});
```
## Next Steps
- Review [Setup Instructions](/mcp-configuration/setup) for implementation details
- Check [Troubleshooting Guide](/mcp-configuration/troubleshooting) for common issues
- Join our [Developer Community](https://forum.onli.app) for best practice discussions
## Support
For questions about best practices:
- **Email**: [support@onli.one](mailto:support@onli.one)
- **Documentation**: [Configuration Guides](/mcp-configuration/guides)
- **Community**: [Onli Developer Forum](https://forum.onli.app)
---
# Source: https://onli.support/mcp-configuration/guides/
---
title: "Configuration Guides"
description: "Step-by-step setup instructions for MCP configuration"
author: "Onli Platform"
date: "2024-01-01"
tags: ["mcp", "configuration", "setup"]
---
# Configuration Guides
This section provides comprehensive configuration guides for setting up your MCP (Model Context Protocol) integration with the Onli Platform.
## Overview
MCP Configuration enables seamless integration between your applications and the Onli Platform, providing standardized communication protocols and data exchange formats.
## Basic Configuration
### Prerequisites
Before configuring MCP, ensure you have:
1. Valid Onli Platform credentials
2. Proper network access to Onli services
3. Required authentication tokens
### Configuration Steps
1. **Initial Setup**
- Download and install the required MCP components
- Configure your environment variables
- Set up authentication credentials
2. **Service Configuration**
- Configure service endpoints
- Set up data exchange protocols
- Configure security settings
3. **Testing Configuration**
- Verify connectivity
- Test data exchange
- Validate authentication
## Advanced Configuration
For advanced setups, refer to our additional guides:
- [Setup Instructions](/mcp-configuration/setup)
- [Best Practices](/mcp-configuration/best-practices)
- [Troubleshooting](/mcp-configuration/troubleshooting)
## Support
For configuration assistance, contact our support team at [support@onli.one](mailto:support@onli.one).
---
# Source: https://onli.support/mcp-configuration/setup/
---
title: "Setup Instructions"
description: "Environment-specific configurations for MCP setup"
author: "Onli Platform"
date: "2024-01-01"
tags: ["mcp", "setup", "configuration", "environment"]
---
# MCP Setup Instructions
This guide provides detailed setup instructions for configuring MCP (Model Context Protocol) in different environments.
## Prerequisites
Before setting up MCP, ensure you have:
- **Valid Onli Platform Account**: Active account with appropriate permissions
- **API Credentials**: Master User ID and App Key from your Onli dashboard
- **Network Access**: Ability to reach Onli platform endpoints
- **Development Environment**: Node.js 18+ or compatible runtime
## Basic MCP Configuration
### Configuration Format
MCP configurations follow a standardized JSON format. Here's the basic structure:
```json
{
"onli-mcp": {
"url": "https://stg.onli.app",
"headers": {
"User-Id": "",
"App-Key": "",
"App-Symbol": "ENGMA"
}
}
}
```
### Configuration Parameters
| Parameter | Description | Required | Example |
|-----------|-------------|----------|---------|
| `url` | Onli platform endpoint URL | Yes | `https://stg.onli.app` |
| `User-Id` | Your master user identifier | Yes | `user_12345` |
| `App-Key` | Application-specific API key | Yes | `ak_abcd1234...` |
| `App-Symbol` | Application symbol identifier | Yes | `ENGMA` |
## Environment-Specific Setup
### Development Environment
For development environments, use the staging endpoint:
```json
{
"onli-mcp": {
"url": "https://stg.onli.app",
"headers": {
"User-Id": "dev_user_id",
"App-Key": "dev_app_key",
"App-Symbol": "ENGMA"
},
"options": {
"timeout": 30000,
"retries": 3,
"debug": true
}
}
}
```
### Production Environment
For production environments, use the production endpoint:
```json
{
"onli-mcp": {
"url": "https://api.onli.app",
"headers": {
"User-Id": "prod_user_id",
"App-Key": "prod_app_key",
"App-Symbol": "ENGMA"
},
"options": {
"timeout": 15000,
"retries": 5,
"debug": false
}
}
}
```
### Testing Environment
For testing and QA environments:
```json
{
"onli-mcp": {
"url": "https://test.onli.app",
"headers": {
"User-Id": "test_user_id",
"App-Key": "test_app_key",
"App-Symbol": "ENGMA"
},
"options": {
"timeout": 20000,
"retries": 2,
"debug": true
}
}
}
```
## Implementation Steps
### Step 1: Obtain Credentials
1. Log into your Onli Platform dashboard
2. Navigate to **API Settings** > **MCP Configuration**
3. Generate or retrieve your:
- Master User ID
- App Key
- App Symbol (if not already assigned)
### Step 2: Environment Configuration
1. Create your configuration file (e.g., `mcp-config.json`)
2. Add the appropriate configuration for your environment
3. Secure your credentials using environment variables or secret management
### Step 3: Initialize MCP Client
```javascript
// Example initialization (implementation may vary)
const mcpConfig = require('./mcp-config.json');
const MCPClient = require('@onli/mcp-client');
const client = new MCPClient(mcpConfig['onli-mcp']);
```
### Step 4: Verify Connection
```javascript
// Example connection verification
async function verifyConnection() {
try {
const status = await client.healthCheck();
console.log('MCP connection successful:', status);
} catch (error) {
console.error('MCP connection failed:', error);
}
}
```
## Security Considerations
### Credential Management
- **Never commit credentials** to version control
- Use environment variables for sensitive data
- Implement credential rotation policies
- Monitor API key usage
### Network Security
- Ensure HTTPS connections only
- Implement proper timeout configurations
- Use appropriate retry policies
- Monitor connection patterns
## Advanced Configuration Options
### Timeout Settings
```json
{
"options": {
"timeout": 15000,
"connectionTimeout": 5000,
"requestTimeout": 10000
}
}
```
### Retry Configuration
```json
{
"options": {
"retries": 3,
"retryDelay": 1000,
"retryOnFailure": true
}
}
```
### Logging Configuration
```json
{
"options": {
"debug": false,
"logLevel": "info",
"logRequests": true,
"logResponses": false
}
}
```
## Next Steps
After completing the basic setup:
1. Review [Best Practices](/mcp-configuration/best-practices) for optimization guidelines
2. Test your configuration thoroughly
3. Implement error handling and monitoring
4. Refer to [Troubleshooting](/mcp-configuration/troubleshooting) if you encounter issues
## Support
For setup assistance or questions:
- **Email**: [support@onli.one](mailto:support@onli.one)
- **Documentation**: [Configuration Guides](/mcp-configuration/guides)
- **Community**: [Onli Developer Forum](https://forum.onli.app)
---
# Source: https://onli.support/mcp-configuration/troubleshooting/
---
title: "Troubleshooting Guide"
description: "Common issues and solutions for MCP configuration"
author: "Onli Platform"
date: "2024-01-01"
tags: ["mcp", "troubleshooting", "debugging", "issues"]
---
# MCP Configuration Troubleshooting
This guide helps diagnose and resolve common issues with MCP configuration and connectivity.
## Quick Diagnostics
### Connection Test
Run this quick test to verify your MCP configuration:
```bash
# Test basic connectivity
curl -H "User-Id: your_user_id" \
-H "App-Key: your_app_key" \
-H "App-Symbol: ENGMA" \
https://stg.onli.app/health
```
Expected response:
```json
{
"status": "healthy",
"timestamp": "2024-01-01T12:00:00Z",
"version": "1.0.0"
}
```
### Configuration Validation
```javascript
function validateMCPConfig(config) {
const issues = [];
// Check required fields
if (!config.url) issues.push("Missing 'url' field");
if (!config.headers) issues.push("Missing 'headers' object");
if (!config.headers['User-Id']) issues.push("Missing 'User-Id' header");
if (!config.headers['App-Key']) issues.push("Missing 'App-Key' header");
if (!config.headers['App-Symbol']) issues.push("Missing 'App-Symbol' header");
// Check URL format
if (config.url && !config.url.startsWith('https://')) {
issues.push("URL must use HTTPS protocol");
}
return issues.length === 0 ? { valid: true } : { valid: false, issues };
}
```
## Common Issues and Solutions
### 1. Authentication Errors
#### Issue: 401 Unauthorized
**Symptoms:**
```json
{
"error": "Unauthorized",
"code": 401,
"message": "Invalid or missing authentication credentials"
}
```
**Possible Causes:**
- Incorrect User ID or App Key
- Expired credentials
- Missing authentication headers
**Solutions:**
1. **Verify Credentials**
```bash
# Check if credentials are properly set
echo "User ID: $ONLI_USER_ID"
echo "App Key: $ONLI_APP_KEY"
echo "App Symbol: $ONLI_APP_SYMBOL"
```
2. **Regenerate API Keys**
- Log into Onli Platform dashboard
- Navigate to API Settings > MCP Configuration
- Generate new App Key
- Update your configuration
3. **Check Header Format**
```json
{
"headers": {
"User-Id": "user_12345", // Correct format
"App-Key": "ak_abcd1234...", // Correct format
"App-Symbol": "ENGMA" // Correct format
}
}
```
#### Issue: 403 Forbidden
**Symptoms:**
```json
{
"error": "Forbidden",
"code": 403,
"message": "Insufficient permissions for requested operation"
}
```
**Solutions:**
1. **Check Account Permissions**
- Verify your account has MCP access enabled
- Contact administrator to check permission levels
2. **Verify App Symbol**
```javascript
// Ensure App Symbol matches your account configuration
const validSymbols = ['ENGMA', 'OTHER_SYMBOL'];
if (!validSymbols.includes(config.headers['App-Symbol'])) {
console.error('Invalid App Symbol');
}
```
### 2. Connection Issues
#### Issue: Network Timeouts
**Symptoms:**
```
Error: ETIMEDOUT - Connection timed out
Error: ECONNREFUSED - Connection refused
```
**Solutions:**
1. **Check Network Connectivity**
```bash
# Test basic connectivity
ping api.onli.app
# Test HTTPS connectivity
curl -I https://api.onli.app
```
2. **Adjust Timeout Settings**
```json
{
"onli-mcp": {
"url": "https://api.onli.app",
"options": {
"timeout": 30000, // Increase timeout
"connectionTimeout": 10000, // Connection-specific timeout
"retries": 3 // Enable retries
}
}
}
```
3. **Check Firewall/Proxy Settings**
```bash
# If behind corporate firewall, check proxy settings
export HTTPS_PROXY=http://proxy.company.com:8080
export HTTP_PROXY=http://proxy.company.com:8080
```
#### Issue: SSL/TLS Errors
**Symptoms:**
```
Error: DEPTH_ZERO_SELF_SIGNED_CERT
Error: CERT_HAS_EXPIRED
Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
```
**Solutions:**
1. **Update Certificate Store**
```bash
# On Ubuntu/Debian
sudo apt-get update && sudo apt-get install ca-certificates
# On macOS
brew update && brew upgrade
```
2. **Check System Time**
```bash
# Ensure system time is correct
date
```
3. **Verify Certificate Chain**
```bash
openssl s_client -connect api.onli.app:443 -servername api.onli.app
```
### 3. Configuration Issues
#### Issue: Invalid Configuration Format
**Symptoms:**
```
Error: Configuration validation failed
Error: Invalid JSON format
```
**Solutions:**
1. **Validate JSON Format**
```bash
# Use jq to validate JSON
cat config.json | jq .
```
2. **Check Required Fields**
```javascript
const requiredFields = [
'url',
'headers.User-Id',
'headers.App-Key',
'headers.App-Symbol'
];
function checkRequired(config) {
return requiredFields.every(field => {
const value = field.split('.').reduce((obj, key) => obj?.[key], config);
return value !== undefined && value !== null && value !== '';
});
}
```
3. **Use Configuration Template**
```json
{
"onli-mcp": {
"url": "https://stg.onli.app",
"headers": {
"User-Id": "${ONLI_USER_ID}",
"App-Key": "${ONLI_APP_KEY}",
"App-Symbol": "${ONLI_APP_SYMBOL}"
},
"options": {
"timeout": 15000,
"retries": 3,
"debug": false
}
}
}
```
### 4. Environment-Specific Issues
#### Issue: Environment Variable Not Found
**Symptoms:**
```
Error: Environment variable ONLI_USER_ID is not defined
Error: Cannot read property of undefined
```
**Solutions:**
1. **Check Environment Variables**
```bash
# List all ONLI-related environment variables
env | grep ONLI
# Check specific variables
echo "User ID: ${ONLI_USER_ID:-'NOT SET'}"
echo "App Key: ${ONLI_APP_KEY:-'NOT SET'}"
echo "App Symbol: ${ONLI_APP_SYMBOL:-'NOT SET'}"
```
2. **Load Environment File**
```bash
# Load from .env file
source .env
# Or use dotenv in Node.js
require('dotenv').config();
```
3. **Set Variables Manually**
```bash
export ONLI_USER_ID="your_user_id"
export ONLI_APP_KEY="your_app_key"
export ONLI_APP_SYMBOL="ENGMA"
```
#### Issue: Wrong Environment Endpoint
**Symptoms:**
- Development code hitting production endpoints
- Production errors in development environment
**Solutions:**
1. **Environment-Specific Configuration**
```javascript
const environments = {
development: {
url: 'https://stg.onli.app',
debug: true
},
production: {
url: 'https://api.onli.app',
debug: false
}
};
const config = environments[process.env.NODE_ENV] || environments.development;
```
2. **Validate Environment**
```javascript
function validateEnvironment() {
const env = process.env.NODE_ENV;
const url = config.url;
if (env === 'production' && url.includes('stg.')) {
throw new Error('Production environment using staging URL');
}
if (env === 'development' && url.includes('api.') && !url.includes('stg.')) {
console.warn('Development environment using production URL');
}
}
```
## Debugging Tools
### 1. Enable Debug Logging
```javascript
const config = {
"onli-mcp": {
"url": "https://stg.onli.app",
"headers": {
"User-Id": "${ONLI_USER_ID}",
"App-Key": "${ONLI_APP_KEY}",
"App-Symbol": "ENGMA"
},
"options": {
"debug": true, // Enable debug logging
"logRequests": true, // Log outgoing requests
"logResponses": true // Log incoming responses
}
}
};
```
### 2. Network Debugging
```bash
# Monitor network traffic
tcpdump -i any host api.onli.app
# Use curl with verbose output
curl -v -H "User-Id: your_user_id" \
-H "App-Key: your_app_key" \
-H "App-Symbol: ENGMA" \
https://stg.onli.app/health
```
### 3. Application Debugging
```javascript
class MCPDebugger {
static logRequest(config, request) {
console.log('MCP Request:', {
timestamp: new Date().toISOString(),
url: config.url,
headers: this.sanitizeHeaders(request.headers),
method: request.method,
body: request.body
});
}
static logResponse(response, duration) {
console.log('MCP Response:', {
timestamp: new Date().toISOString(),
status: response.status,
duration: `${duration}ms`,
headers: response.headers,
body: response.body
});
}
static sanitizeHeaders(headers) {
// Remove sensitive information from logs
const sanitized = { ...headers };
if (sanitized['App-Key']) {
sanitized['App-Key'] = `${sanitized['App-Key'].substring(0, 4)}...`;
}
return sanitized;
}
}
```
## Error Codes Reference
| Code | Error | Description | Solution |
|------|-------|-------------|----------|
| 400 | Bad Request | Invalid request format | Check request structure and parameters |
| 401 | Unauthorized | Invalid credentials | Verify User-Id and App-Key |
| 403 | Forbidden | Insufficient permissions | Check account permissions and App-Symbol |
| 404 | Not Found | Endpoint not found | Verify URL and endpoint path |
| 429 | Rate Limited | Too many requests | Implement rate limiting and retries |
| 500 | Internal Error | Server error | Check server status, contact support |
| 503 | Service Unavailable | Service temporarily down | Check status page, implement retries |
## Health Check Endpoints
Use these endpoints to verify service health:
| Environment | Health Check URL |
|-------------|------------------|
| Development | `https://stg.onli.app/health` |
| Production | `https://api.onli.app/health` |
## Getting Additional Help
### 1. Collect Diagnostic Information
Before contacting support, gather:
```bash
# System information
uname -a
node --version
npm --version
# Network connectivity
curl -I https://api.onli.app
# Configuration (sanitized)
cat config.json | jq 'del(.headers["App-Key"])'
# Recent logs
tail -n 50 application.log
```
### 2. Contact Support
- **Email**: [support@onli.one](mailto:support@onli.one)
- **Subject**: "MCP Configuration Issue - [Brief Description]"
- **Include**: Diagnostic information, error messages, configuration (without sensitive data)
### 3. Community Resources
- **Documentation**: [Configuration Guides](/mcp-configuration/guides)
- **Best Practices**: [MCP Best Practices](/mcp-configuration/best-practices)
- **Forum**: [Onli Developer Community](https://forum.onli.app)
- **Status Page**: [Onli Platform Status](https://status.onli.app)
## Preventive Measures
### 1. Regular Health Checks
```javascript
setInterval(async () => {
try {
await client.healthCheck();
console.log('MCP health check: OK');
} catch (error) {
console.error('MCP health check failed:', error);
// Implement alerting logic
}
}, 5 * 60 * 1000); // Every 5 minutes
```
### 2. Monitoring and Alerting
```javascript
class MCPMonitor {
setupAlerts() {
// Alert on authentication failures
this.on('auth_error', () => {
this.sendAlert('Authentication failure detected');
});
// Alert on high error rates
this.on('high_error_rate', (rate) => {
this.sendAlert(`Error rate exceeded threshold: ${rate}%`);
});
// Alert on service downtime
this.on('service_down', () => {
this.sendAlert('MCP service appears to be down');
});
}
}
```
### 3. Configuration Backup
```bash
# Backup configuration (without secrets)
cp config.json config.json.backup.$(date +%Y%m%d)
# Version control (excluding secrets)
git add config.json
git commit -m "Update MCP configuration"
```
---
# Source: https://onli.support/privacy/
---
title: ""
lastUpdated: "September 24, 2025"
---
# Privacy Policy
The Onli Corporation ("Company", "we", "our", or "us") respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes how we collect, process, retain, and disclose personal data about you when providing services to you through our websites, applications, products, and services that link to this policy (our "Services") and our practices for using, maintaining, protecting, and disclosing that information.
This Policy applies to all of our Services, including:
- If you are a visitor to our website, including without limitation signing up for or requested any goods or services.
- If you sign up to be or are a software developer developing an Appliance with Onli technology ("Developer"), your developer Services and account ("Developer Account") and use of developer portals, tools, and websites ("Developer Tools").
- If you are an end-user of the OnliYou application on iOS, your OnliYou services and account ("OnliYou"), including the evolving personal digital identity object ("Gene") and the hyper-dimentional vector data storage objects it can receive, create, store, and transmit ("Genomes").
This policy applies only to information we collect:
- Through the Services.
- In communications, including email, text, chat, and other electronic messages, between you and the Services.
- Information we receive about you from Third Party Appliances.
- if you are a Developer, information we receive about you from third party vendors providing products or services to you or your Appliance.
It does not apply to information collected by:
- Us offline or through any other means, including other websites operated by any third party that does not link to this policy; or
- Any third party including through any application or content (including advertising) that may link to or be accessible from or through the Services.
- Any Appliance, except to the extent we explicitly state.
We may provide additional or different privacy policies that are specific to certain features, services, or activities.
Please read this policy carefully to understand our policies and practices regarding your information and how we treat it. By interacting with our Services or providing us with your information, you agree to the collection, use, and sharing of your information as described in this privacy policy. This policy may change from time to time (see How We Retain Your Personal Data). Your continued use of the Services after we make changes as described here is deemed to be acceptance of those changes, so please check the policy periodically for updates.
## Children's and Minors' Data
Our Services are not intended for, and we do not knowingly collect any personal data from, children under the age of 18. If we learn we have collected or received personal data from a child under 18 years old without verification of parental consent, we will delete that information.
## The Personal Data That We Collect or Process
"Personal data" is information that identifies, relates to, or describes, directly or indirectly, you as an individual, such as your name, email address, telephone number, home address, or payment information (for example, account information such as name, postal address, and email address, government issued identifiers).
The types and categories of personal data we collect or process include:
- Account and contact information, including name, address, email address, phone number, username, and other contact information you provide us.
- Location information, including general geographic location such as country, state or province, or city.
- Device information, device identifiers, operating system and version, preferred language, hardware identifiers, browser type and settings, and other device information.
- Content and information you provide as part of your profile or accounts, such as your Developer Account or OnliYou.
- If you access or use the Website, the types and categories of personal data we collect or process can also include:
- Device information including IP address.
If you are a Developer, the types and categories of personal data we collect or process can also include:
- Images, voice recordings, and videos collected or stored in connection with the Services.
- Device information including IP address.
- Payment or financial information. For all self-service Developer Accounts, this data and information is generally collected through third party services prividers such as Stripe®.
- Account history, including information about your subscription, account, transactions, purchases, or order history.
If you are an end user of OnliYou, the types and categories of personal data we collect or process can also include:
- Images, voice recordings, and videos collected for use in identification. For OnliYou, this data and information is generally collected, processed, and stored through the third-party service provider identified at the time of collection, such as Clear®.
- Identity document information, including government issued identifirs such as driver's license numbers. For OnliYou, this data and information is generally collected, processed, and stored through the third-party service provider identified at the time of collection, such as Clear®.
Some of the information identified above, including identification document information may be considered sensitive data under certain laws. If required under applicable law, we will collect and process sensitive personal data only with your consent. If you choose not to provide or allow us to collect some information, we may not be able to provide you with requested features, services, or information.
We also collect:
- Statistics or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific Services feature.
- Technical information. Technical information includes information about your internet connection and usage details about your interactions with the Services, such as clickstream information on our Website or Developer Tools (or "tapstream" information on the OnliYou App) to, through, and from our Services (including date and time), training information or documentation that you view or search for; page response times, download errors, length of your visits to certain web pages, or page interaction information (such as scrolling, clicks, taps, and mouse-overs)..
If we combine or connect non-personal statistical or technical data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal information.
## How We Collect Your Personal and Other Data
### You Provide Information to Us
We collect information about you when you interact with our Services, such as when you create or update an account, place an order, subscribe, make a purchase, participate in surveys, promotions, or create, upload, or post content to the Services (for example, any forums or messaging we offer or control), including reviews, media such as photos, videos, or audio recordings.
### Automatically Through Our Services
As you navigate through and interact with our Services, we may use automatic data collection technologies to collect information that may include personal data. On our Website or Developer Tools, information collected automatically may include usage details, IP addresses, operating system, and browser type, (and if required for our Website or Developer Tool functionality information collected through cookies or web beacons), including details of your interactions with our Services, such as traffic data, location data, logs, and other communication data, and which resources and Services features that you access and use.
Using automatic collection technologies helps us to improve our Services, deliver a better and more personalized experience, and provide optimized user expierence and functionality.
The technologies we use for this automatic data collection on our Website and Developer Tools may include:
- **Cookies.** A cookie is a small file placed on your device when you interact with the Services. You may refuse to accept or disable cookies by activating the appropriate setting on your browser or device. However, if you select this setting, you may be unable to access certain features of the Services.
- **Web Beacons.** Some parts of the Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those parts orand for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity).
To the extent any of these automated technologies are considered a personal data sale, targeted advertising, or profiling, under applicable laws, depending on where you live, you may opt out from use of these automated technologies for such uses by emailing privacy@theonlicorporation.com. Please note that some Services features may be unavailable as a result.
When you interact with the Services, there are third parties that may use automatic collection technologies to collect information about your or your device. These third parties include:
- Analytics companies.
- Your device manufacturer.
- Your internet or mobile service provider.
When using OnliYou, additional third parties may automatically collect and receive information about you or your device, specifically:
- Appliances that you have authorized to access OnliYou.
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. Any Appliance you give access to OnliYou will be subject to the developer's privacy policy, terms of service, end-user license agreement, and other applicable agreements and policies.
### From Business Partners and Service Providers
We may receive personal data about you from other sources and combine that with information we collect directly from you. For example, we may obtain information about you from service providers that we engage to perform services on our behalf, such as payment processors, and analytics, security and anti-fraud services.
If you are a Developer, we ay receive information about you from third party technology partners, including without limitation those servicing or supporting your Appliance.
If you are an OnliYou end-user, we ay receive information about you from Appliances you have authoriced to access, collect, receive, process, and/or store your information.
If you are both an OnliYou end-user and a Developer, we may combine your data from OnliYou with your Developer Account data, and use such combined data and information for any purpose for which we could use your data as a Developer.
## How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal data, to:
- Provide you with the Services and any contents, features, information, products, or services that we make available through the Services.
- Fulfill and manage subscriptions, purchases, orders, and payments.
- Fulfill any other purpose for which you provide it.
- Provide you with notices about your account, including expiration and renewal notices.
- Improve our Services, including by analyzing your information and creating aggregated data derived from your information) to develop, maintain, analyze, improve, optimize, measure, and report on our Services and their features and how users interact with them. Our analysis may include the use of technology like machine learning and large language models, which may include training these models or sharing with third parties for model training.
- Promote our Services, business, and offerings by publishing advertising on our own Services. We may use your information to model, segment, target, offer, market, and advertise our Services.
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- Notify you when Services updates are available and about changes to any products or services we offer or provide though them.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
The usage information we collect, whether connected to your personal data or not, helps us improve our Services and deliver a better and more personalized experience by enabling us to:
- Estimate our audience sizes and usage patterns.
- Store information about your preferences, allowing us to customize the Services according to your individual needs and interests.
- Secure and protect your accounts and profiles.
- Recognize you when you return to our Services.
## Who We Disclose Your Information To
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
In general, we may also disclose personal data that we collect or you provide as described in this privacy policy:
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our organization.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of The Onli Corporation's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by The Onli Corporation is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal data:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply our license agreements, terms of use, terms of service, or other policies.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
The categories of personal information we may disclose include:
If you are a Developer, we may also disclose personal data that we collect or you provide as described in this privacy policy:
- To third parties to market their products or services to you if you have not opted out of these disclosures. For more information, see Your Rights and Choices About Your Information.
- To enforce the Developer Terms and Conditions and other agreements, including for billing and collection purposes.
If you are an OnliYou end user, we may also disclose personal data that we collect or you provide as described in this privacy policy:
- Some or all of the information in your OnliYou Gene to Appliances that you have authorized.
- Information from or about your Genomes, including information that you owned or possessed such genomes.
## Your Rights and Choices About Your Information
This section describes mechanisms you can use to control certain uses and disclosures of your information and rights you may have under state law, depending on where you live.
**Advertising, marketing, cookies, and other tracking technologies choices:**
- **Cookies and Other Tracking Technologies.** For interactions with our Website or Developer Tools, you can set your browser to refuse all or some browser cookies or other tracking technology files, or to alert you when these files are being sent. If you disable or refuse cookies or similar tracking files, some Services features may be inaccessible or not function properly. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the online services you visit indicating you do not wish to be tracked.
- **Promotions by the Company.** If you are an OnliYou end user, we will not contact you about promotions except to announce or inform you of Appliances with which you can use OnliYou. If you are a Developer do not wish us to use your information to promote our own or third parties' products or services, you can opt out by selecting the appropriate settings in your Developer Account.
- **Disclosure of Your Information for Third-Party Advertising.** If you are an OnliYou end user, we do not share your information with third parties for advertising purposes. If you are a Developer and you do not want us to share your personal data with unaffiliated or non-agent third parties for advertising and marketing purposes, you can opt out by selecting the appropriate settings in your Developer Account. We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.
**Location data choices:**
- **Location Data.** In general, we do not collect real-time location information. However, as a general reminder, and to ensure such information is within your control, you can choose whether or not to allow collection and use real-time information about your device's location through the device's privacy settings. Some Appliances require such information and location data for their applications or services to function properly, including to have intended interactions with OnliYou. If you block the use of location information in the Appliance, some Services features may become inaccessible or not function properly because the Appliance is not functioning properly. Please refer to the Appliance developer's privacy policy for more information on their location data use.
## Your State Privacy Rights
Depending on your state of residency, you may have certain rights related to your personal data, including:
- **Access and Data Portability.** You may confirm whether we process your personal data and access a copy of the personal data we process. To the extent feasible and required by state law, depending on your state, data will be provided in a portable format. Depending on your state, you may have the right to receive additional information and it will be included in the response to your access request.
- **Correction.** You may request that we correct inaccuracies in your personal data that we maintain, taking into account the information's nature and processing purpose.
- **Deletion.** You may request that we delete personal data about you that we maintain, subject to certain exception under applicable law. If you are an OnliYou end user, data related to your Gene or Genomes, including personal information such as your name or user identifier, will not be able to be deleted because it may be stored in Genomes. These Genomes may have been sent to other users, Appliances, devices, or locations. Information from about you from your Gene and Genomes therefore may be required to maintain records related to ownership, possession, legal compliance, or other technological or legal requirements.
- **Opt Out of Using Personal Data for Targeted Advertising, Profiling, and Sales.** You may request that we do not use your personal data for these purposes.
**Important:** The exact scope of these rights vary by state. There are also several exceptions where we may not have an obligation to fulfill your request.
To exercise any of these rights, please email privacy@theonlicorporation.com. To appeal a decision regarding a consumer rights request please also email privacy@theonlicorporation.com.
Nevada provides its residents with a limited right to opt out of certain personal data sales. Residents who wish to exercise their sale opt-out rights may submit a request to this designated address: privacy@theonlicorporation.com. However, please know we do not currently sell data triggering that statute's opt-out requirements.
## How We Protect Your Personal Data
We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the Services. In particular, email, texts, and chats sent to or from the Services may not be secure, and you should carefully decide what information you send to us via such communications channels. Any transmission of personal data is at your own risk.
The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.
## How We Retain Your Personal Data
We keep the categories of personal data described in this policy for as long as reasonably necessary to fulfill the purposes described or for as otherwise legally permitted or required, such as maintaining the Services, operating our organization, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention. This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain personal data. At the end of the retention period, personal data will be deleted, destroyed, or deidentified. As one example, data in Genomes may exist indefinitely due to the need to track or prove the origin, possession, control, chain of ownership, or other technical requirements of Onli technology or Appliance legal obligations.
## Changes to Our Privacy Policy
We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page. We will notify you of changes to this policy by updating the "last updated" date and posting the updated policy on the Services. We may email or otherwise communicate reminders about this policy, but you should check our Services periodically to see the current policy and any changes we have made to it.
## Contact Information
To exercise your rights or ask questions or comment about this privacy policy or our privacy practices, contact us at:
privacy@theonlicorporation.com