API Security

On the details page of an API project, click on the Security tab for the security settings. We provide three different ways of protecting your API as follows:

  • Authorization Requirements for Requests
  • Allowed IP Addresses
  • Request Cost Limit

1 Authentication Requirements

1.1 Authenticating Using a Project Secret

To authenticate using a project secret, select Require Project Secret as below on the Security tab, then the Project Secret will be automatically generated.

Use the following command to access InfStones API. Please fill in your Project Secret and your Project ID.

curl --user :<your-project-secret> <your-endpoint> -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

For example:

curl --user :635bfbc6dd65487db362ac79161a6cfb https://api.infstones.com/bsc/mainnet/36d4ad84d99743f7b3ecb0a01d6e0d9b -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

1.2 Authenticating Using a JWT

To authenticate using a JWT, select Require JWT as below on the Security tab.

In order to use JWTs with your project, you need to generate a public key / private key pair first. Algorithm RS256 is supported only.

A public key will usually look like this:

-----BEGIN PUBLIC KEY----- 
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyehkd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdgcKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbcmwIDAQAB 
-----END PUBLIC KEY-----

Once you have your key pair generated, write a JWT Name and paste the public key in the JWT Public Key block, and click Add.

You’ll get a KeyID(KID) and a key Fingerprint. The KeyID(KID) will be used when creating JWTs, and the key Fingerprint can be used to identify the key.

Go to official JWT website to create your JWT token.

Make sure you select RS256 in Algorithm and put kid in HEADER.

Use the following command to access InfStones API with JWT.

curl -H "Authorization: Bearer <JWT>" \
<your-endpoint>

2 Allowed IP Addresses

This setting will restrict IP addresses to use the API project, with a maximum of 30 IP addresses in total. If no restriction is needed for the project, then this area could be left empty.

Type the IP address in Allowed IP Addresses you want to give access to and click Add. Only 1 IP address can be added at a time.

The previously added IP addresses are shown in the List of allowed addresses. You can click the x at the right of the IP address to remove it.

3 Request Cost Limit

The Requests Cost Limit option allows you to set the daily request cost limit of the project. Please type the daily request cost limit and click Save.

Please note that you have a total request cost limit for all the Public API projects of each protocol, which is related to the service plan you select. The daily request cost on a single project cannot exceed the total request cost limit of the whole protocol.