Secure your API Keys
Enhance your API security access
To enhance your APP access security, please sign in to SolarPath Dashboard to enter the APP settings, and use the whitelist to enhance your access security:
1. Allowlist Contract Addresses: Only approved contract addresses are allowed to interact, if not set, all contract addresses are allowed.
Whitelisted contract addresses compatible with the following JSON-RPC methods:
eth_call
eth_getLogs
eth_getBalance
eth_getTransactionCount
eth_estimateGas
eth_getStorageAt
eth_getCode
2. Allowlist Domains: Only approved source request domains are allowed to request, if not set, all source domain requests are allowed.
3. Allowlist IPs: Only approved source IPs are allowed to request, if not set, all source IP requests are allowed.
Allowlist domains matching rules such as: www.solarpath.io, *.solarpath.io
Allowlist IPs matching rules IPv4 such as: 192.168.1.0, 225.225.225.100.
Best Practices
Make sure your API-KEY is not exposed, such as message sharing, public JavaScript management, etc.
Add access whitelist as much as possible, such as access IP, access domain.
Persist in one API-KEY to use in one of your projects.
Create a new APP for each of your applications and use them separately.
Avoid using packages like dotenv to commit your API-KEY to the repository.
Last updated