API Security
On the details page of an API project, click on the Security tab for the security settings. We provide three different ways of protecting your API as follows:
- Authorization Requirements for Requests
- Allowed IP Addresses
- Request Cost Limit
1 Authentication Requirements
1.1 Authenticating Using a Project Secret
To authenticate using a project secret, select Require Project Secret
as below on the Security
tab, then the Project Secret
will be automatically generated.
Use the following command to access InfStones API. Please fill in your Project Secret and your Project ID.
curl --user :<your-project-secret> <your-endpoint> -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
For example:
curl --user :635bfbc6dd65487db362ac79161a6cfb https://api.infstones.com/bsc/mainnet/36d4ad84d99743f7b3ecb0a01d6e0d9b -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
1.2 Authenticating Using a JWT
To authenticate using a JWT, select Require JWT
as below on the Security
tab.
In order to use JWTs with your project, you need to generate a public key / private key pair first. Algorithm RS256 is supported only.
A public key will usually look like this:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyehkd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdgcKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbcmwIDAQAB
-----END PUBLIC KEY-----
Once you have your key pair generated, write a JWT Name
and paste the public key in the JWT Public Key
block, and click Add
.
You’ll get a KeyID(KID)
and a key Fingerprint
. The KeyID(KID)
will be used when creating JWTs, and the key Fingerprint
can be used to identify the key.
Go to official JWT website to create your JWT token.
Make sure you select RS256
in Algorithm
and put kid
in HEADER
.
Use the following command to access InfStones API with JWT.
curl -H "Authorization: Bearer <JWT>" \
<your-endpoint>
2 Allowed IP Addresses
This setting will restrict IP addresses to use the API project, with a maximum of 30 IP addresses in total. If no restriction is needed for the project, then this area could be left empty.
Type the IP address in Allowed IP Addresses
you want to give access to and click Add
. Only 1 IP address can be added at a time.
The previously added IP addresses are shown in the List of allowed addresses
. You can click the x
at the right of the IP address to remove it.
3 Request Cost Limit
The Requests Cost Limit
option allows you to set the daily request cost limit of the project. Please type the daily request cost limit and click Save
.
Please note that you have a total request cost limit for all the Public API projects of each protocol, which is related to the service plan you select. The daily request cost on a single project cannot exceed the total request cost limit of the whole protocol.
Updated 11 months ago