
Secure your Private API Endpoints

Many of our customers use the API keys for their paid OnFinality endpoints in their browser extensions, mobile apps, and even websites. We know how important security is for our customers, especially as these apps are often open source and can be easily decoded.

API Access Restrictions

The newly added security feature allows you to restrict your API App’s private endpoints to work only from ‘Allowed’ origins and/or IP addresses, preventing unauthorised consumption of your rate limits and inflation of your bill once your rate limits are used up.

How dApps, Wallets And Indexers Can Use ‘API Access Restrictions’

By adding ‘Allow’ listed origins and IP addresses, you can prevent others from using your paid API keys in their own websites or applications.

For example, if you run a wallet, you could restrict your private endpoint to only work when accessed from inside your wallet.

If you are running an indexer, you could restrict your private endpoint to only work from the IP address of your indexer.

Traffic which meets at least one of the Allowed Origins or IP Addresses will be allowed.

How To Access The New API Security Feature

Go to API App > Settings and add an allowed origin or IP address.

When no Allowed Origins or Allowed IP Addresses are set, all traffic using the correct API Key will be allowed.
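The matching rule described on this page (correct API key, then a match on at least one Allowed Origin or IP Address, with no restriction when both lists are empty) can be dry-run against sample traffic before you save the settings. This is an added example, not OnFinality code: the `Restrictions` class, the function names, the exact-string origin comparison and all sample values are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Restrictions:
    """Hypothetical model of one API App's settings (not an OnFinality API)."""
    allowed_origins: set = field(default_factory=set)
    allowed_ips: set = field(default_factory=set)


def is_allowed(cfg, key_ok, origin, ip):
    """Apply the rule from the page to one request."""
    if not key_ok:
        return False  # the correct API key is always required
    if not cfg.allowed_origins and not cfg.allowed_ips:
        return True  # nothing configured: all traffic with the key passes
    if origin is not None and origin in cfg.allowed_origins:
        return True  # assumption: origins are compared as exact strings
    # Compare parsed addresses so equivalent IPv6 spellings match.
    allowed = {ipaddress.ip_address(a) for a in cfg.allowed_ips}
    return ipaddress.ip_address(ip) in allowed


def dry_run(cfg, requests):
    """Return the labels of requests the settings would block."""
    return [r["label"] for r in requests
            if not is_allowed(cfg, r["key_ok"], r["origin"], r["ip"])]


# Constructed sample traffic (example domains, documentation IP ranges).
SAMPLE = [
    {"label": "wallet", "key_ok": True,
     "origin": "https://wallet.example", "ip": "198.51.100.20"},
    {"label": "indexer", "key_ok": True,
     "origin": None, "ip": "203.0.113.10"},
    {"label": "copied-key site", "key_ok": True,
     "origin": "https://other.example", "ip": "198.51.100.7"},
    {"label": "wrong key", "key_ok": False,
     "origin": "https://wallet.example", "ip": "203.0.113.10"},
]

if __name__ == "__main__":
    cfg = Restrictions({"https://wallet.example"}, {"203.0.113.10"})
    print("blocked with restrictions:", dry_run(cfg, SAMPLE))
    print("blocked with none set:", dry_run(Restrictions(), SAMPLE))
```

Setting only an origin list would block the indexer in this sample, because it sends no origin and its IP address is not listed; add its IP address alongside the origin to keep both working.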
