Secure your Private API Endpoints
Many of our customers use the API keys for their paid OnFinality endpoints in their browser extensions, mobile apps, and even websites. We know how important security is for our customers, especially as these apps are often open source and can be easily decoded.
API Access Restrictions
The newly added security feature allows you to restrict your API App’s private endpoints to work only from ‘Allowed’ origins and/or IP addresses, preventing unauthorised consumption of your rate limits and inflation of your bill once your rate limits are used up.
How dApps, Wallets And Indexers Can Use ‘API Access Restrictions’
By adding ‘Allow’ listed origins and IP addresses, you can prevent others from using your paid API keys in their own websites or applications.
For example, if you run a wallet, you could restrict your private endpoint to only work when accessed from inside your wallet.
If you are running an indexer, you could restrict your private endpoint to only work from the IP address of your indexer.
Traffic that matches at least one of the Allowed Origins or Allowed IP Addresses will be allowed.
How To Access The New API Security Feature
Go to API App > Settings and add an allowed origin or IP address.
When no Allowed Origins or Allowed IP Addresses are set, all traffic using the correct API Key will be allowed.
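The decision rule described above (a match on either list is enough, and empty lists leave the key as the only check) can be modelled as follows. This is an added example, not OnFinality's code: the function names are hypothetical, and comparing origins by scheme, host and port and matching IP addresses exactly are assumptions the page does not specify.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Reduce an Origin value to (scheme, host, port); None if unusable."""
    if not origin or origin.strip() == "null":
        return None
    try:
        parts = urlsplit(origin.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if not scheme or not parts.hostname:
        return None
    # Treat "https://a" and "https://a:443" as the same origin (assumption).
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS.get(scheme))


def is_allowed(key_ok, origin, client_ip, allowed_origins, allowed_ips):
    """Model of the documented rule; allowlist entries are assumed well-formed."""
    if not key_ok:
        return False
    if not allowed_origins and not allowed_ips:
        return True  # nothing configured: the API key alone decides
    want = normalize_origin(origin)
    if want is not None and want in {normalize_origin(o) for o in allowed_origins}:
        return True  # one matching origin is enough
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    # Parsed comparison, so different spellings of one IPv6 address match.
    return any(ip == ipaddress.ip_address(a) for a in allowed_ips)


if __name__ == "__main__":
    # Constructed sample configuration and requests (documentation ranges).
    origins, ips = ["https://wallet.example"], ["203.0.113.7"]
    print(is_allowed(True, "https://Wallet.Example:443", "198.51.100.9", origins, ips))
    print(is_allowed(True, None, "203.0.113.7", origins, ips))
    print(is_allowed(True, "https://other.example", "198.51.100.9", origins, ips))
    print(is_allowed(True, "https://other.example", "198.51.100.9", [], []))
```

The Origin header is supplied by the client, so an origin allowlist mainly stops a key being reused from other websites in a browser; for server-side consumers such as an indexer, the IP allowlist is the stronger control.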