Setting up the SSN

Default Port Requirements for SSNs

Inbound33133Protocol level port for receiving network data
Inbound4201/443API service
Inbound4401WebSocket service
Inbound4501Staking API service
Outbound443For getting initial node data for syncing

Preparing the Node

Launching a seed node for staking is similar to launching a normal seed node, with some additional configuration steps.

In this guide, we will walk you through the steps on how to set up the seed node via

  1. Docker
  2. Native build

You can go for either one of the options below (click to expand).

(Optional) Configuring Domain Name

Once your seed node is fully set up, it is time to configure your domain name to point to the address of your seed node.

If your seed node is not behind a load balancer, you can set an A record in your domain registrar to point your domain/subdomain to your seed node’s IP address.

If your seed node is behind a load balancer, you can set a CNAME record in your domain registrar to point your domain/subdomain to the hostname of your load balancer.

Whitelisting and API Servicing

It is necessary for the staked seed node to be whitelisted by Zilliqa in phase 1 in order to receive data broadcasts about the blockchain and its state. Currently, there are 2 forms of whitelisting supported:

  1. Whitelisting via a static IP
  2. Whitelisting via public key of the SSN

We recommend SSN operators to use the whitelisting by public key approach.

Testing Your SSN's JSON-RPC Port

To check whether your node's JSON-RPC server is publicly available, you can use the following curl command.

curl -d '{
"id": "1",
"jsonrpc": "2.0",
"method": "GetBlockchainInfo",
"params": [""]
}' -H "Content-Type: application/json" -X POST "<staked seed node address>"

If you received the latest blockchain information (similar to the one below) from the staked seed node, your JSON-RPC service is running well.


Testing Your SSN's WebSocket Port

You can use an online WebSocket test utility to test whether your WebSocket is publicly accessible.

  1. Visit
  2. Under location, put your WebSocket URL link (e.g., wss://<yourdomain here or ip:port>)
  3. Click on connect
  4. If “CONNECTED” is shown in the log, your WebSocket port is publicly accessible

Advanced Setup

Different node operators may wish to have a different setup to secure their SSN. It is possible as long as:

  1. JSON-RPC port (by default 4201) and WebSocket port are accessible by anyone without any restriction
  2. Staking API port (by default 4501) is accessible by the verifier to check the SSN

SSN operators are allowed to:

  • Serve the API service over TLS
  • Change the default port numbers (please inform us)
  • Point their domain or subdomain to the SSN
  • Add a load balancer in front of their node
  • Add additional services such as Cloudflare proxy in front of the node
  • Run more than 1 SSN node behind a load balancer (these will collectively be treated as a single SSN)

SSN operators are not allowed to:

  • Outsource API service to other node operators or Zilliqa seed nodes
  • Restrict or censor any API service to the public or any region