API Keys
General
API keys are a short piece of text that identifies you to our services. When you include it in (for example) an RPC call, it lets us determine whether to give you access, and which account to deduct bandwidth from.
By default, anyone with one of your API keys can use up the bandwidth in your account. You should keep them secret.
Best Practices
FluxRPC lets you create multiple API keys. It's a good idea to create a new API key for every service you are offering. This way, if one key is compromised and needs to be deleted and re-created, the majority of your services will keep running.
Generally, it's better to include the API key in a header as below, instead of including it in an URL:
X-API-KEY = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxNext, don't include your API keys in your code. One good solution is to pass them to your application via environment variables defined at launch. This prevents (for example) accidentally storing your secret API keys in a GitHub repository accessible to others.
It's also a good plan to occasionally log in to FluxRPC and check your data usage on the dashboard, to make sure it matches what you expect.
Finally, it's a good idea to delete any API keys you no longer use.
Tools to Secure API Keys
Coming Soon!
We will provide configurable restrictions to how each of your API keys can be used.
Tools to Manage API Keys
We provide a way to automatically check remaining bandwidth. You may query your remaining credits directly from FluxRPC as follows:
The response will look like this:
A reasonable thing to do would be to have your application alert you if the remaining bandwidth drops too low, or suddenly changes.
Last updated