description: How to use Pantheon JSON-RPC API
<!-- - END of page meta data -->
# Using the JSON-RPC API
## Postman
Use the button to import our collection of examples to [Postman ](https://www.getpostman.com/ ).
[![Run in Postman ](https://run.pstmn.io/button.svg )](https://app.getpostman.com/run-collection/c765d7d22b055c42a510)
## Endpoint Host and Port
The placeholder
`<JSON-RPC-http-endpoint:port>` and `<JSON-RPC-ws-endpoint:port>` represents an endpoint (IP address and port)
of the JSON-RPC service of a Pantheon node for HTTP and WebSocket requests.
To enable JSON-RPC over HTTP or WebSockets, use the [`--rpc-http-enabled` ](../Reference/Pantheon-CLI-Syntax.md#rpc-http-enabled )
and [`--rpc-ws-enabled` ](../Reference/Pantheon-CLI-Syntax.md#rpc-ws-enabled ) options.
Use the [--rpc-http-host ](../Reference/Pantheon-CLI-Syntax.md#rpc-http-host ) and [--rpc-ws-host ](../Reference/Pantheon-CLI-Syntax.md#rpc-ws-host )
options to specify the host on which the JSON-RPC listens. The default host is 127.0.0.1 for HTTP and WebSockets.
Set the host to `0.0.0.0` to allow remote connections.
!!! caution
Setting the host to 0.0.0.0 exposes the RPC connection on your node to any remote connection. In a
production environment, ensure you are using a firewall to avoid exposing your node to the internet.
Use the [--rpc-http-port ](../Reference/Pantheon-CLI-Syntax.md#rpc-http-port ) and [--rpc-ws-port ](../Reference/Pantheon-CLI-Syntax.md#rpc-ws-port )
options to specify the port on which the JSON-RPC listens. The default ports are:
* 8545 for HTTP
* 8546 for WebSockets
## Host Whitelist
To prevent DNS rebinding, incoming HTTP requests and WebSockets connections are only accepted from hostnames
specified using the [`--host-whitelist` ](../Reference/Pantheon-CLI-Syntax.md#host-whitelist ) option.
By default, `localhost` and `127.0.0.1` are accepted.
If your application publishes RPC ports, specify the hostnames when starting Pantheon.
!!! example
```bash
pantheon --host-whitelist=example.com
```
Specify * or all for `--host-whitelist` to effectively disable host protection.
!!! caution
Specifying * or all for `--host-whitelist` is not recommended for production code.
## JSON-RPC Authentication
[Authentication ](Authentication.md ) is disabled by default.
## HTTP and WebSocket Requests
### HTTP
To make RPC requests over HTTP, you can use [`curl` ](https://curl.haxx.se/download.html ).
```bash
$ curl -X POST --data '{"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":53}' < JSON-RPC-http-endpoint:port >
```
### WebSockets
To make RPC requests over WebSockets, you can use [wscat ](https://github.com/websockets/wscat ), a Node.js based command-line tool.
First connect to the WebSockets server using `wscat` (you only need to connect once per session):
```bash
$ wscat -c ws://< JSON-RPC-ws-endpoint:port >
```
After the connection is established, the terminal will display a '>' prompt.
Send individual requests as a JSON data package at each prompt:
```bash
> {"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":53}
```
!!! note
`wscat` does not support headers. [Authentication ](Authentication.md ) requires an authentication token to be passed in the
request header. To use authentication with WebSockets, an app that supports headers is required.
### API Methods Enabled by Default
The `ETH` , `NET` , and `WEB3` API methods are enabled by default.
Use the [`--rpc-http-api` ](../Reference/Pantheon-CLI-Syntax.md#rpc-http-api ) or [`--rpc-ws-api` ](../Reference/Pantheon-CLI-Syntax.md#rpc-ws-api )
options to enable the `ADMIN` ,`CLIQUE`,`DEBUG`, `EEA` , `IBFT` , `MINER` , and `PERM` API methods.
!!!note
EEA methods are for privacy features. Privacy features are under development and will be available in v1.1.
## Block Parameter
When you make requests that might have different results depending on the block accessed,
the block parameter specifies the block.
Several methods, such as [eth_getTransactionByBlockNumberAndIndex ](../Reference/JSON-RPC-API-Methods.md#eth_gettransactionbyblocknumberandindex ), have a block parameter.
The block parameter can have the following values:
* `blockNumber` : `quantity` - Block number. Can be specified in hexadecimal or decimal. 0 represents the genesis block.
* `earliest` : `tag` - Earliest (genesis) block.
* `latest` : `tag` - Last block mined.
* `pending` : `tag` - Last block mined plus pending transactions. Use only with [eth_getTransactionCount ](../Reference/JSON-RPC-API-Methods.md#eth_gettransactioncount ).
## Not Supported by Pantheon
### Account Management
Account management relies on private key management in the client which is not implemented by Pantheon.
Use [`eth_sendRawTransaction` ](../Reference/JSON-RPC-API-Methods.md#eth_sendrawtransaction ) to send signed transactions; `eth_sendTransaction` is not implemented.
Use third-party wallets for [account management ](../Using-Pantheon/Account-Management.md ).
### Protocols
Pantheon does not implement the Whisper and Swarm protocols.