API Security

On the details page of an API project, click on the Security tab for the security settings. We provide four different ways of protect your API as follows:
  • Authorization Requirements for Requests
  • Allowed IP Addresses
  • Allowed API Request Methods
  • Request Cost Limit

1 Authentication Requirements

1.1 Authenticating Using a Project Secret

To authenticate using a project secret, select Require project secret as below on the Security tab, then the Project Secret will be automatically generated.
Use the following command to access InfStones API. Please fill in your Project Secret and your Project ID.
curl --user : <your-project-secret> <your-endpoint> -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
For example:
curl --user : 7979e694acf340b2aa1a5f6c0080393b https://api.infstones.com/bsc/mainnet/36d4ad84d99743f7b3ecb0a01d6e0d9b -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

1.2 Authenticating Using a JWT

To authenticate using a JWT, select Require JWT as below on the Security tab.
In order to use JWTs with your project, you need to generate a public key / private key pair first. Algorithm RS256 is supported only.
A public key will usually look something like:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyehkd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdgcKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbcmwIDAQAB
-----END PUBLIC KEY-----
Once you have your key pair generated, paste the public key in the JWT Public Key block, and click Add.
You’ll get a key ID and a key Fingerprint. The key ID will be used when creating JWTs, and the key Fingerprint can be used to identify the key.
Use the following command to access InfStones API with JWT.
curl -H "Authorization: Bearer <JWT>" \
<your-endpoint>

2 Allowed IP Addresses

This setting will restrict IP addresses to use the API project, with a maximum of 30 IP addresses in total. If no restriction is needed for the project, then this area could be left empty.
Type the IP address you wanna allow to access, and click Add. Only 1 IP address can be added at a time.
The previous added IP addresses are shown in the List of allowed addresses. You can click the x at the right of the IP address to remove it.

3 Allowed API Request Methods

This setting will add API method allowed to this API project, with a maximum of 30 API methods in total. If no restriction is needed for the project, then this area could be left empty.
Select the API method you want to allowed to this API project from the method list, and click Add. Only 1 API method can be added at a time.
The previously added API methods are shown in the List of allowed methods. You can click the x at the right of the API method to remove it.

4 Request Cost Limit

The Requests Cost Limit option allows you to set the daily request cost limit of the project. Please type the daily request cost limit and click Save.
Please be noted that you have a total request cost limit of all the Public API projects of each chain, which is related to the service plan you select for this chain as shown below.
The daily request cost on a single project cannot exceed the total request cost limit of the whole chain, even though the daily request cost limit you set for this project exceeds the total request cost limit of the chain.