@aptos-labs/ts-sdk 1.13.2 → 1.13.3-zeta.0

package/src/{core/account → account}/Ed25519Account.ts

@@ -1,8 +1,10 @@
-import { AccountAuthenticatorEd25519 } from "../../transactions/authenticator/account";
-import { HexInput, SigningScheme } from "../../types";
-import { AccountAddress, AccountAddressInput } from "../accountAddress";
-import { Ed25519PrivateKey, Ed25519PublicKey, Ed25519Signature } from "../crypto";
+import { AccountAuthenticatorEd25519 } from "../transactions/authenticator/account";
+import { HexInput, SigningScheme } from "../types";
+import { AccountAddress, AccountAddressInput } from "../core/accountAddress";
+import { Ed25519PrivateKey, Ed25519PublicKey, Ed25519Signature } from "../core/crypto";
 import type { Account } from "./Account";
+import { AnyRawTransaction } from "../transactions/types";
+import { generateSigningMessageForTransaction } from "../transactions/transactionBuilder/signingMessage";
 
 export interface Ed25519SignerConstructorArgs {
   privateKey: Ed25519PrivateKey;
@@ -75,13 +77,17 @@ export class Ed25519Account implements Account {
     return this.publicKey.verifySignature(args);
   }
 
-  signWithAuthenticator(message: HexInput) {
-    const signature = this.privateKey.sign(message);
+  signWithAuthenticator(transaction: AnyRawTransaction) {
+    const signature = this.privateKey.sign(generateSigningMessageForTransaction(transaction));
     return new AccountAuthenticatorEd25519(this.publicKey, signature);
   }
 
   sign(message: HexInput) {
-    return this.signWithAuthenticator(message).signature;
+    return this.privateKey.sign(message);
+  }
+
+  signTransaction(transaction: AnyRawTransaction) {
+    return this.sign(generateSigningMessageForTransaction(transaction));
   }
 
   // endregion

package/src/account/EphemeralKeyPair.ts

@@ -0,0 +1,115 @@
+// Copyright © Aptos Foundation
+// SPDX-License-Identifier: Apache-2.0
+
+import { randomBytes } from "@noble/hashes/utils";
+
+import {
+  EPK_HORIZON_SECS,
+  Ed25519PrivateKey,
+  EphemeralPublicKey,
+  EphemeralSignature,
+  PrivateKey,
+} from "../core/crypto";
+import { Hex } from "../core/hex";
+import { bytesToBigIntLE, padAndPackBytesWithLen, poseidonHash } from "../core/crypto/poseidon";
+import { EphemeralPublicKeyVariant, HexInput, SigningSchemeInput } from "../types";
+import { Deserializer, Serializable, Serializer } from "../bcs";
+
+export class EphemeralKeyPair extends Serializable {
+  readonly blinder: Uint8Array;
+
+  readonly expiryDateSecs: bigint | number;
+
+  readonly nonce: string;
+
+  private privateKey: PrivateKey;
+
+  private publicKey: EphemeralPublicKey;
+
+  constructor(args: { privateKey: PrivateKey; expiryDateSecs?: bigint | number; blinder?: HexInput }) {
+    super();
+    const { privateKey, expiryDateSecs, blinder } = args;
+    this.privateKey = privateKey;
+    this.publicKey = new EphemeralPublicKey(privateKey.publicKey());
+    this.expiryDateSecs = expiryDateSecs || BigInt(floorToWholeHour(currentTimeInSeconds() + EPK_HORIZON_SECS));
+    this.blinder = blinder !== undefined ? Hex.fromHexInput(blinder).toUint8Array() : generateBlinder();
+    this.nonce = this.generateNonce();
+  }
+
+  getPublicKey(): EphemeralPublicKey {
+    return this.publicKey;
+  }
+
+  serialize(serializer: Serializer): void {
+    serializer.serializeU32AsUleb128(this.publicKey.variant);
+    serializer.serializeBytes(this.privateKey.toUint8Array());
+    serializer.serializeU64(this.expiryDateSecs);
+    serializer.serializeFixedBytes(this.blinder);
+  }
+
+  static deserialize(deserializer: Deserializer): EphemeralKeyPair {
+    const variantIndex = deserializer.deserializeUleb128AsU32();
+    let privateKey: PrivateKey;
+    switch (variantIndex) {
+      case EphemeralPublicKeyVariant.Ed25519:
+        privateKey = Ed25519PrivateKey.deserialize(deserializer);
+        break;
+      default:
+        throw new Error(`Unknown variant index for EphemeralPublicKey: ${variantIndex}`);
+    }
+    const expiryDateSecs = deserializer.deserializeU64();
+    const blinder = deserializer.deserializeFixedBytes(31);
+    return new EphemeralKeyPair({ privateKey, expiryDateSecs, blinder });
+  }
+
+  static fromBytes(bytes: Uint8Array): EphemeralKeyPair {
+    return EphemeralKeyPair.deserialize(new Deserializer(bytes));
+  }
+
+  static generate(args?: { scheme: SigningSchemeInput }): EphemeralKeyPair {
+    let privateKey: PrivateKey;
+
+    switch (args?.scheme) {
+      case SigningSchemeInput.Ed25519:
+      default:
+        privateKey = Ed25519PrivateKey.generate();
+    }
+
+    return new EphemeralKeyPair({ privateKey });
+  }
+
+  generateNonce(): string {
+    const fields = padAndPackBytesWithLen(this.publicKey.bcsToBytes(), 93);
+    fields.push(BigInt(this.expiryDateSecs));
+    fields.push(bytesToBigIntLE(this.blinder));
+    const nonceHash = poseidonHash(fields);
+    return nonceHash.toString();
+  }
+
+  /**
+   * Sign the given message with the private key.
+   *   *
+   * @param data in HexInput format
+   * @returns EphemeralSignature
+   */
+  sign(data: HexInput): EphemeralSignature {
+    return new EphemeralSignature(this.privateKey.sign(data));
+  }
+}
+
+function generateBlinder(): Uint8Array {
+  return randomBytes(31);
+}
+
+function currentTimeInSeconds(): number {
+  return Math.floor(new Date().getTime() / 1000);
+}
+
+function floorToWholeHour(timestampInSeconds: number): number {
+  const date = new Date(timestampInSeconds * 1000);
+  // Reset minutes and seconds to zero
+  date.setMinutes(0);
+  date.setSeconds(0);
+  date.setMilliseconds(0);
+  return Math.floor(date.getTime() / 1000);
+}

package/src/account/KeylessAccount.ts

@@ -0,0 +1,240 @@
+// Copyright © Aptos Foundation
+// SPDX-License-Identifier: Apache-2.0
+
+import { JwtPayload, jwtDecode } from "jwt-decode";
+import { decode } from "base-64";
+import { HexInput, SigningScheme } from "../types";
+import { AccountAddress } from "../core/accountAddress";
+import {
+  AnyPublicKey,
+  AnySignature,
+  KeylessPublicKey,
+  KeylessSignature,
+  OpenIdSignature,
+  OpenIdSignatureOrZkProof,
+  Signature,
+  SignedGroth16Signature,
+  computeAddressSeed,
+  fromDerivationPath as fromDerivationPathInner,
+} from "../core/crypto";
+
+import { Account } from "./Account";
+import { EphemeralKeyPair } from "./EphemeralKeyPair";
+import { Hex } from "../core/hex";
+import { AccountAuthenticatorSingleKey } from "../transactions/authenticator/account";
+import { Deserializer, Serializer } from "../bcs";
+import { deriveTransactionType, generateSigningMessage } from "../transactions/transactionBuilder/signingMessage";
+import { AnyRawTransaction } from "../transactions/types";
+
+function base64UrlDecode(base64Url: string): string {
+  // Replace base64url-specific characters
+  const base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
+
+  // Pad the string with '=' characters if needed
+  const paddedBase64 = base64 + "==".substring(0, (3 - (base64.length % 3)) % 3);
+
+  // Decode the base64 string using the base-64 library
+  const decodedString = decode(paddedBase64);
+
+  return decodedString;
+}
+
+export class KeylessAccount implements Account {
+  static readonly PEPPER_LENGTH: number = 31;
+
+  static readonly SLIP_0010_SEED: string = "32 bytes";
+
+  publicKey: KeylessPublicKey;
+
+  ephemeralKeyPair: EphemeralKeyPair;
+
+  uidKey: string;
+
+  uidVal: string;
+
+  aud: string;
+
+  pepper: Uint8Array;
+
+  accountAddress: AccountAddress;
+
+  proof: SignedGroth16Signature;
+
+  signingScheme: SigningScheme;
+
+  jwt: string;
+
+  constructor(args: {
+    address?: AccountAddress;
+    ephemeralKeyPair: EphemeralKeyPair;
+    iss: string;
+    uidKey: string;
+    uidVal: string;
+    aud: string;
+    pepper: HexInput;
+    proof: SignedGroth16Signature;
+    jwt: string;
+  }) {
+    const { address, ephemeralKeyPair, iss, uidKey, uidVal, aud, pepper, proof, jwt } = args;
+    this.ephemeralKeyPair = ephemeralKeyPair;
+    const addressSeed = computeAddressSeed(args);
+    this.publicKey = new KeylessPublicKey(iss, addressSeed);
+    this.accountAddress = address ? AccountAddress.from(address) : this.publicKey.authKey().derivedAddress();
+    this.uidKey = uidKey;
+    this.uidVal = uidVal;
+    this.aud = aud;
+    this.jwt = jwt;
+    this.proof = proof;
+
+    this.signingScheme = SigningScheme.SingleKey;
+    const pepperBytes = Hex.fromHexInput(pepper).toUint8Array();
+    if (pepperBytes.length !== KeylessAccount.PEPPER_LENGTH) {
+      throw new Error(`Pepper length in bytes should be ${KeylessAccount.PEPPER_LENGTH}`);
+    }
+    this.pepper = pepperBytes;
+  }
+
+  serialize(serializer: Serializer): void {
+    serializer.serializeStr(this.jwt);
+    serializer.serializeStr(this.uidKey);
+    serializer.serializeFixedBytes(this.pepper);
+    this.ephemeralKeyPair.serialize(serializer);
+    this.proof.serialize(serializer);
+  }
+
+  static deserialize(deserializer: Deserializer): KeylessAccount {
+    const jwt = deserializer.deserializeStr();
+    const uidKey = deserializer.deserializeStr();
+    const pepper = deserializer.deserializeFixedBytes(31);
+    const ephemeralKeyPair = EphemeralKeyPair.deserialize(deserializer);
+    const proof = SignedGroth16Signature.deserialize(deserializer);
+    return KeylessAccount.fromJWTAndProof({
+      proof,
+      pepper,
+      uidKey,
+      jwt,
+      ephemeralKeyPair,
+    });
+  }
+
+  bcsToBytes(): Uint8Array {
+    const serializer = new Serializer();
+    this.serialize(serializer);
+    return serializer.toUint8Array();
+  }
+
+  bcsToHex(): Hex {
+    const bcsBytes = this.bcsToBytes();
+    return Hex.fromHexInput(bcsBytes);
+  }
+
+  signWithAuthenticator(transaction: AnyRawTransaction): AccountAuthenticatorSingleKey {
+    const raw = deriveTransactionType(transaction);
+    const signature = new AnySignature(this.sign(raw.bcsToBytes()));
+    const publicKey = new AnyPublicKey(this.publicKey);
+    return new AccountAuthenticatorSingleKey(publicKey, signature);
+  }
+
+  async waitForProofFetch() {
+    if (this.proof instanceof Promise) {
+      await this.proof;
+    }
+  }
+
+  sign(data: HexInput): Signature {
+    const { expiryDateSecs } = this.ephemeralKeyPair;
+    const currentTimeInSeconds = Math.floor(new Date().getTime() / 1000);
+    if (expiryDateSecs < currentTimeInSeconds) {
+      throw new Error("Ephemeral key pair is expired.");
+    }
+    if (this.proof instanceof Promise) {
+      throw new Error("Failed to fetch proof.");
+    }
+    const jwtHeader = this.jwt.split(".")[0];
+    const ephemeralPublicKey = this.ephemeralKeyPair.getPublicKey();
+
+    const serializer = new Serializer();
+    serializer.serializeFixedBytes(Hex.fromHexInput(data).toUint8Array());
+    serializer.serializeOption(this.proof.proof);
+    const signMess = generateSigningMessage(serializer.toUint8Array(), "APTOS::TransactionAndProof");
+
+    const ephemeralSignature = this.ephemeralKeyPair.sign(signMess);
+
+    return new KeylessSignature({
+      jwtHeader: base64UrlDecode(jwtHeader),
+      openIdSignatureOrZkProof: new OpenIdSignatureOrZkProof(this.proof),
+      expiryDateSecs,
+      ephemeralPublicKey,
+      ephemeralSignature,
+    });
+  }
+
+  signTransaction(transaction: AnyRawTransaction): Signature {
+    const raw = deriveTransactionType(transaction);
+    return this.sign(raw.bcsToBytes());
+  }
+
+  signWithOpenIdSignature(data: HexInput): Signature {
+    const [jwtHeader, jwtPayload, jwtSignature] = this.jwt.split(".");
+    const openIdSig = new OpenIdSignature({
+      jwtSignature,
+      jwtPayloadJson: jwtPayload,
+      uidKey: this.uidKey,
+      epkBlinder: this.ephemeralKeyPair.blinder,
+      pepper: this.pepper,
+    });
+
+    const { expiryDateSecs } = this.ephemeralKeyPair;
+    const ephemeralPublicKey = this.ephemeralKeyPair.getPublicKey();
+    const ephemeralSignature = this.ephemeralKeyPair.sign(data);
+    return new KeylessSignature({
+      jwtHeader,
+      openIdSignatureOrZkProof: new OpenIdSignatureOrZkProof(openIdSig),
+      expiryDateSecs,
+      ephemeralPublicKey,
+      ephemeralSignature,
+    });
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars, class-methods-use-this
+  verifySignature(args: { message: HexInput; signature: Signature }): boolean {
+    return true;
+  }
+
+  static fromBytes(bytes: Uint8Array): KeylessAccount {
+    return KeylessAccount.deserialize(new Deserializer(bytes));
+  }
+
+  static fromJWTAndProof(args: {
+    proof: SignedGroth16Signature;
+    jwt: string;
+    ephemeralKeyPair: EphemeralKeyPair;
+    pepper: HexInput;
+    uidKey?: string;
+  }): KeylessAccount {
+    const { proof, jwt, ephemeralKeyPair, pepper } = args;
+    const uidKey = args.uidKey ?? "sub";
+
+    const jwtPayload = jwtDecode<JwtPayload & { [key: string]: string }>(jwt);
+    const iss = jwtPayload.iss!;
+    if (typeof jwtPayload.aud !== "string") {
+      throw new Error("aud was not found or an array of values");
+    }
+    const aud = jwtPayload.aud!;
+    const uidVal = jwtPayload[uidKey];
+    return new KeylessAccount({
+      proof,
+      ephemeralKeyPair,
+      iss,
+      uidKey,
+      uidVal,
+      aud,
+      pepper,
+      jwt,
+    });
+  }
+
+  static fromDerivationPath(path: string, seed: Uint8Array): Uint8Array {
+    return fromDerivationPathInner(path, KeylessAccount.SLIP_0010_SEED, seed);
+  }
+}

package/src/account/MultiKeyAccount.ts

@@ -0,0 +1,119 @@
+// Copyright © Aptos Foundation
+// SPDX-License-Identifier: Apache-2.0
+
+import { Account } from "./Account";
+import { MultiKey, MultiSignature, PublicKey, Signature } from "../core/crypto";
+import { AccountAddress } from "../core/accountAddress";
+import { HexInput, SigningScheme } from "../types";
+import { AccountAuthenticatorMultiKey } from "../transactions/authenticator/account";
+import { AnyRawTransaction } from "../transactions/types";
+import { KeylessAccount } from "./KeylessAccount";
+
+export class MultiKeyAccount implements Account {
+  /**
+   * Public key associated with the account
+   */
+  readonly publicKey: MultiKey;
+
+  /**
+   * Account address associated with the account
+   */
+  readonly accountAddress: AccountAddress;
+
+  /**
+   * Signing scheme used to sign transactions
+   */
+  readonly signingScheme: SigningScheme;
+
+  signers: Account[];
+
+  signaturesBitmap: Uint8Array;
+
+  /**
+   * constructor for Account
+   *
+   * Need to update this to use the new crypto library if new schemes are added.
+   *
+   * @param args.privateKey PrivateKey - private key of the account
+   * @param args.address AccountAddress - address of the account
+   * @param args.legacy optional. If set to false, the keypair authentication keys will be derived with a unified scheme.
+   * Defaults to deriving an authentication key with the legacy scheme.
+   *
+   * This method is private because it should only be called by the factory static methods.
+   * @returns Account
+   */
+  constructor(args: { multiKey: MultiKey; signers: Account[] }) {
+    const { multiKey, signers } = args;
+
+    this.publicKey = multiKey;
+    this.signers = signers;
+    this.signingScheme = SigningScheme.MultiKey;
+
+    this.accountAddress = this.publicKey.authKey().derivedAddress();
+
+    const bits: number[] = [];
+    for (const signer of signers) {
+      bits.push(this.publicKey.getIndex(signer.publicKey));
+    }
+    this.signaturesBitmap = this.publicKey.createBitmap({ bits });
+  }
+
+  static fromPublicKeysAndSigners(args: {
+    publicKeys: PublicKey[];
+    signaturesRequired: number;
+    signers: Account[];
+  }): MultiKeyAccount {
+    const { publicKeys, signaturesRequired, signers } = args;
+    const multiKey = new MultiKey({ publicKeys, signaturesRequired });
+    return new MultiKeyAccount({ multiKey, signers });
+  }
+
+  static isMultiKeySigner(account: Account): account is MultiKeyAccount {
+    return account instanceof MultiKeyAccount;
+  }
+
+  signWithAuthenticator(transaction: AnyRawTransaction) {
+    return new AccountAuthenticatorMultiKey(this.publicKey, this.signTransaction(transaction));
+  }
+
+  async waitForProofFetch() {
+    const keylessSigners = this.signers.filter((signer) => signer instanceof KeylessAccount) as KeylessAccount[];
+    await Promise.all(keylessSigners.filter((signer) => signer.proof instanceof Promise).map((signer) => signer.proof));
+  }
+
+  /**
+   * Sign the given message with the private key.
+   *
+   * TODO: Add sign transaction or specific types
+   *
+   * @param data in HexInput format
+   * @returns Signature
+   */
+  sign(data: HexInput): MultiSignature {
+    const signatures = [];
+    for (const signer of this.signers) {
+      signatures.push(signer.sign(data));
+    }
+    return new MultiSignature({ signatures, bitmap: this.signaturesBitmap });
+  }
+
+  signTransaction(transaction: AnyRawTransaction) {
+    const signatures = [];
+    for (const signer of this.signers) {
+      signatures.push(signer.signTransaction(transaction));
+    }
+    return new MultiSignature({ signatures, bitmap: this.signaturesBitmap });
+  }
+
+  /**
+   * Verify the given message and signature with the public key.
+   *
+   * @param args.message raw message data in HexInput format
+   * @param args.signature signed message Signature
+   * @returns
+   */
+  // eslint-disable-next-line class-methods-use-this, @typescript-eslint/no-unused-vars
+  verifySignature(args: { message: HexInput; signature: Signature }): boolean {
+    return true;
+  }
+}

package/src/{core/account → account}/SingleKeyAccount.ts

@@ -1,8 +1,10 @@
-import { AccountAuthenticatorSingleKey } from "../../transactions/authenticator/account";
-import { type HexInput, SigningScheme, SigningSchemeInput } from "../../types";
-import { AccountAddress, AccountAddressInput } from "../accountAddress";
-import { AnyPublicKey, AnySignature, Ed25519PrivateKey, PrivateKey, Secp256k1PrivateKey } from "../crypto";
+import { AccountAuthenticatorSingleKey } from "../transactions/authenticator/account";
+import { type HexInput, SigningScheme, SigningSchemeInput } from "../types";
+import { AccountAddress, AccountAddressInput } from "../core/accountAddress";
+import { AnyPublicKey, AnySignature, Ed25519PrivateKey, PrivateKey, Secp256k1PrivateKey } from "../core/crypto";
 import type { Account } from "./Account";
+import { generateSigningMessageForTransaction } from "../transactions/transactionBuilder/signingMessage";
+import { AnyRawTransaction } from "../transactions/types";
 
 export interface SingleKeySignerConstructorArgs {
   privateKey: PrivateKey;
@@ -106,14 +108,17 @@ export class SingleKeyAccount implements Account {
     return this.publicKey.verifySignature(args);
   }
 
-  signWithAuthenticator(message: HexInput) {
-    const innerSignature = this.privateKey.sign(message);
-    const signature = new AnySignature(innerSignature);
+  signWithAuthenticator(transaction: AnyRawTransaction) {
+    const signature = this.sign(generateSigningMessageForTransaction(transaction));
     return new AccountAuthenticatorSingleKey(this.publicKey, signature);
   }
 
   sign(message: HexInput) {
-    return this.signWithAuthenticator(message).signature;
+    return new AnySignature(this.privateKey.sign(message));
+  }
+
+  signTransaction(transaction: AnyRawTransaction) {
+    return this.sign(generateSigningMessageForTransaction(transaction));
   }
 
   // endregion

package/src/account/index.ts

@@ -0,0 +1,6 @@
+export * from "./Ed25519Account";
+export * from "./Account";
+export * from "./SingleKeyAccount";
+export * from "./KeylessAccount";
+export * from "./EphemeralKeyPair";
+export * from "./MultiKeyAccount";

package/src/api/account.ts

@@ -1,7 +1,8 @@
 // Copyright © Aptos Foundation
 // SPDX-License-Identifier: Apache-2.0
 
-import { AccountAddress, PrivateKey, Account as AccountModule, AccountAddressInput } from "../core";
+import { Account as AccountModule } from "../account";
+import { AccountAddress, PrivateKey, AccountAddressInput } from "../core";
 import {
   AccountData,
   AnyNumber,

package/src/api/ans.ts

@@ -1,7 +1,8 @@
 // Copyright © Aptos Foundation
 // SPDX-License-Identifier: Apache-2.0
 
-import { Account, AccountAddress, AccountAddressInput } from "../core";
+import { Account } from "../account";
+import { AccountAddress, AccountAddressInput } from "../core";
 import {
   RegisterNameParameters,
   getExpiration,

package/src/api/aptos.ts

@@ -12,6 +12,7 @@ import { General } from "./general";
 import { ANS } from "./ans";
 import { Staking } from "./staking";
 import { Transaction } from "./transaction";
+import { Keyless } from "./keyless";
 
 /**
  * This class is the main entry point into Aptos's
@@ -47,6 +48,8 @@ export class Aptos {
 
   readonly transaction: Transaction;
 
+  readonly keyless: Keyless;
+
   constructor(settings?: AptosConfig) {
     this.config = new AptosConfig(settings);
     this.account = new Account(this.config);
@@ -59,6 +62,7 @@ export class Aptos {
     this.general = new General(this.config);
     this.staking = new Staking(this.config);
     this.transaction = new Transaction(this.config);
+    this.keyless = new Keyless(this.config);
   }
 }
 
@@ -73,6 +77,7 @@ export interface Aptos
     Faucet,
     FungibleAsset,
     General,
+    Keyless,
     Staking,
     Omit<Transaction, "build" | "simulate" | "submit" | "batch"> {}
 
@@ -107,3 +112,4 @@ applyMixin(Aptos, FungibleAsset, "fungibleAsset");
 applyMixin(Aptos, General, "general");
 applyMixin(Aptos, Staking, "staking");
 applyMixin(Aptos, Transaction, "transaction");
+applyMixin(Aptos, Keyless, "keyless");

package/src/api/aptosConfig.ts

@@ -3,7 +3,14 @@
 
 import aptosClient from "@aptos-labs/aptos-client";
 import { AptosSettings, ClientConfig, Client, FullNodeConfig, IndexerConfig, FaucetConfig } from "../types";
-import { NetworkToNodeAPI, NetworkToFaucetAPI, NetworkToIndexerAPI, Network } from "../utils/apiEndpoints";
+import {
+  NetworkToNodeAPI,
+  NetworkToFaucetAPI,
+  NetworkToIndexerAPI,
+  Network,
+  NetworkToPepperAPI,
+  NetworkToProverAPI,
+} from "../utils/apiEndpoints";
 import { AptosApiType } from "../utils/const";
 
 /**
@@ -34,6 +41,16 @@ export class AptosConfig {
    */
   readonly faucet?: string;
 
+  /**
+   * The optional hardcoded pepper service URL to send requests to instead of using the network
+   */
+  readonly pepper?: string;
+
+  /**
+   * The optional hardcoded prover service URL to send requests to instead of using the network
+   */
+  readonly prover?: string;
+
   /**
    * The optional hardcoded indexer URL to send requests to instead of using the network
    */
@@ -63,6 +80,8 @@ export class AptosConfig {
     this.network = settings?.network ?? Network.DEVNET;
     this.fullnode = settings?.fullnode;
     this.faucet = settings?.faucet;
+    this.pepper = settings?.pepper;
+    this.prover = settings?.prover;
     this.indexer = settings?.indexer;
     this.client = settings?.client ?? { provider: aptosClient };
     this.clientConfig = settings?.clientConfig ?? {};
@@ -95,8 +114,34 @@ export class AptosConfig {
         if (this.indexer !== undefined) return this.indexer;
         if (this.network === Network.CUSTOM) throw new Error("Please provide a custom indexer url");
         return NetworkToIndexerAPI[this.network];
+      case AptosApiType.PEPPER:
+        if (this.pepper !== undefined) return this.pepper;
+        if (this.network === Network.CUSTOM) throw new Error("Please provide a custom pepper service url");
+        return NetworkToPepperAPI[this.network];
+      case AptosApiType.PROVER:
+        if (this.prover !== undefined) return this.prover;
+        if (this.network === Network.CUSTOM) throw new Error("Please provide a custom prover service url");
+        return NetworkToProverAPI[this.network];
       default:
         throw Error(`apiType ${apiType} is not supported`);
     }
   }
+
+  /**
+   * Checks if the URL is a known pepper service endpoint
+   *
+   * @internal
+   * */
+  isPepperServiceRequest(url: string): boolean {
+    return NetworkToPepperAPI[this.network] === url;
+  }
+
+  /**
+   * Checks if the URL is a known prover service endpoint
+   *
+   * @internal
+   * */
+  isProverServiceRequest(url: string): boolean {
+    return NetworkToProverAPI[this.network] === url;
+  }
 }