Key Concepts (Canton)

Read this page before the flow overview or the tutorials. It defines Canton-specific terms and CCIP-on-Canton behavior that appear throughout the docs.

Who this is for

Engineers at enterprises and institutions who need to:

  • Send or receive CCIP messages and token transfers on Canton
  • Connect CIP-56 instruments to CCIP token pools
  • Operate token pool disclosure infrastructure

You do not need Chainlink to permission your party to use CCIP — any party can send to supported lanes programmatically once your participant, validator user, and disclosures are configured.

Canton fundamentals

Canton is a privacy-preserving network for regulated institutions. Smart contracts are written in Daml and run on participant nodes operated by institutions.

TermMeaning
PartyAn on-ledger identity that owns rights and obligations in contracts. Your party in canton-config.json is the party your scripts act as.
UserA human or system account that authenticates to a participant and is granted permission to act as one or more parties.
ParticipantA node that hosts contract data for its parties and enforces privacy — it only stores data relevant to those parties.
SignatoryA party that owns a contract and must authorize its creation or archival.
ObserverA party that can see a contract and its updates but does not own it unless given a specific choice.
StakeholderAny signatory or observer on a contract — stakeholders can see contract creation and updates.
ChoiceAn authorized action on a Daml contract (Canton's equivalent of a contract function).
DARA packaged Daml archive deployed to a participant. CCIP and Registry DARs must be present before you can create CCIP contracts.

Privacy and explicit disclosure

Unlike public chains, Canton compartmentalizes data: parties only see contracts they are stakeholders on. CCIP core contracts are not visible to arbitrary users by default.

Explicit disclosure grants a submitting party temporary visibility into contracts they are not a stakeholder on, so they can exercise choices in a single transaction. Off-ledger Explicit Disclosure Services (EDS) return these disclosures before send and execute — see Explicit Disclosure API.

Manual execution on Canton

This is a core integration requirement on Canton — not an error-recovery path like manual execution on EVM chains. See Manual Execution (Canton) for the full workflow and tutorial links.

When Canton is the source, remote destination chains may still auto-execute unless you skip execution in your send script.

Fees on Canton

CCIP fees are quoted and collected by the on-ledger FeeQuoter contract as part of the send flow.

DirectionWho paysTypical fee token (testnet starter kit)
Canton → remote chainSender party on CantonAmulet (default) or LINK (--feeToken link)
Remote chain → CantonSender on the source chainNative gas token on source (e.g. Sepolia ETH) or LINK (--feeToken link)

Before sending from Canton, fund your party with the fee token you plan to use. Token transfer demos may also require holdings of the instrument you are bridging (for example LINK on Canton for canton2any:token).

Fee rates depend on lane configuration in FeeQuoter. Coordinate with Chainlink CCIP operations for production fee tokens and quoting details on your lanes.

CCIP on-ledger components

Terms you will see in the overview and tutorials:

ComponentRole
PerPartyRouterPer-party CCIP state (sequence numbers, execution tracking). One router per party; create via PerPartyRouterFactory on first use.
CCIPSender / CCIPReceiverContracts your party uses to send from or execute on Canton.
Committee VerifierValidates cross-chain proofs. The default verifier is operated by Chainlink NOPs; custom verifiers may be required for some lanes or assets.
Committee Verifier ticketReturned when forwarding a message to a Committee Verifier during a Canton send.
Token pool ticketIssued by the token pool when locking or burning tokens on send.
Token receive ticketIssued by the OffRamp after successful execution; used to claim tokens from the pool.
TransferInstructionCIP-56 token transfer object. Receivers accept it to take custody after a token message executes.
Token Admin Registry (TAR)Maps each instrument to its CCIP token pool.
IndexerAggregates Committee Verifier proofs so clients know when a message is ready to execute.
EDSOff-ledger API that returns explicit disclosures for CCIP and token pool contracts.

Finality modes

Senders set requested finality in the message. Receivers configure receiverFinalityConfig on CCIPReceiver to allow:

  • FTF — faster than finality
  • FCR — safe confirmation
  • Default — standard finality tag for the lane

The receiver configuration must permit the finality level the sender requested.

Tooling

ToolWhat it isWhen to use it
ccip-tools-tsSource repo for @chainlink/ccip-sdk and ccip-cliLibrary and CLI for production integrations — disclosures, send, execute, proofs
ccip-starter-kit-cantonTutorial scripts and testnet configLearn Canton ↔ Sepolia flows; cct:* pool deployment helpers
ccip-cliCLI in ccip-tools-tsSame underlying SDK as the starter kit — direct ledger submit with canton-config.json and JWT/OIDC auth

The starter kit is a thin wrapper around @chainlink/ccip-sdk. Scripts load canton-config.json, authenticate to your participant, and call the same send/execute paths documented for ccip-cli (without --wallet).

Suggested path: skim this page → Getting Started (Canton)Canton as Source prerequisites → a tutorial matching your direction.

What's next

Get the latest Chainlink content straight to your inbox.