API Keys
API Keys grant access to our APIs and cloud products.
Creating an API Key
Setting up an API key is easy, and you can have several at once to suit the needs of your DApp. To create a new API Key, navigate to the API Keys page from your Stack's homepage. Once there, click on New API Key in the top right corner
This will take you to the Create API Key Wizard which will guide you through setting up your key.
The Basics
To begin, enter a unique nickname and set a Time to Live (TTL). Max TTL is 1,000 days.
Each API key on Syndica allows you fine-grained control over how it's accessed. From broad settings like limiting requests from specific IP addresses, to setting rate limits per RPC method, we'll cover exactly how to set up your API key to meet your DApp's use case.
Global Settings
Global settings allow you to limit requests from specific IP addresses and origin domains. This is useful for dev keys that should only be allowed to be used by your dev team or if you know that requests will only be coming from a particular IP or domain.
When setting the "Limit Requests by IP address(es)" option keep in mind the following:
- It will restrict requests to the URL or IP that was specified in the previous step by IP Address
If no IP address is specified, requests from all IP addresses will be accepted.
- Or Limit Requests By Origin Domain(s)
Note: Wildcard subdomains like *.example.com are supported. If no domain is specified, requests from all origins will be accepted.
Custom Rate Limits
Custom rate limits allow for precise control over what access the API key has. Set credential-wide limits, or restrict access to just a handful of methods, it's up to you. Below we'll cover selecting the service you want to apply limits to, the different types of limits available, and setting limits for specific methods.
It's a good idea to check out what the account-wide limits are before proceeding. Head over to the Account Limits page to see what your current limits are.
Selecting a Service
Currently, Syndica supports two services for request limiting, solana-mainnet and chainstream. In order to use the chainstream service restrictions, you must be on Scale mode or higher and have ChainStream enabled. To continue, select any service that is relevant to this credential.
WebSocket Connection Limits
If your DApp takes advantage of ChainStream or subscribes to any of Solana's WebSocket methods, you can set the maximum number of WebSocket connections allowed by the credential. Furthermore, you can set the maximum number of connections allowed per IP address.
Setting either value to zero will block all WebSocket traffic. The connection limit must be set below the max allowed for your account.
RPC Requests and Active Subscription Limits
If you selected the solana-mainnet service from the Selecting a Service section above, you will be able to set both credential-wide and method-specific limits in the following section.
First, you have the ability to set request limits that apply to all methods. Similarly to the WebSocket connection limit, you can set an overall RPS limit and a limit per IP address.
Next, you're given the option to set specific limits to any Solana method. To do so, click the "Add RPC Method" or "Add Subscription Method" button, select the method you want to set limits for, and enter values for total rate limit, rate limit per IP, or both.
To add another method, click the "Add RPC Method" or "Add Subscription Method" button again and repeat the steps from before.
Below the method-specific limits, you will need to set the limits for any unspecified methods. This defaults to 0, meaning any method not specified will be disallowed for the API credential.
Once limits have been set for a single method, the credential-wide limits above no longer apply and limits for any unspecific method must be set.
ChainStream Rate Limiting
Similar to the RPC Request and Active Subscription limits above, you can set credential-wide and method-specific limits for the ChainStream service. Before proceeding, please ensure that you have enabled ChainStream on your account. Visit the ChainStream section of the platform to enable it if it's not already.
Review
Review your selections and click Create API Key to finish setting up your credential. You'll be taken to the details page for your newly created credential where you can see important information such as the expiration date, the token itself, any RPC and WebSocket limits, and a guide on how to get started.
Revoking an API Key
If you believe your credential has been compromised, or you want to revoke its access for any reason, you can go to the credential's detail page and click the Revoke button in the upper right-hand corner. You'll be asked to confirm your action and once confirmed, that credential will no longer have API Access.
Revoking a credential will immediately cause any API calls using that credential to fail, so be sure to update your DApp with a new credential before you revoke the old one.