Skip to main content

API key

important

A request will fail if it does not have a valid API key appended to the request URL.

Select the API key in the Infura dashboard to view the key's details. The API key to include in your requests can be copied at the top of the page.

Apply the principle of least privilege. Add only the endpoints that you plan to use, and then use the other security features such as JSON Web Tokens (JWTs) and allowlists.

Securing your Infura API key is crucial to protect your project resources and data. Here are some best practices to secure your Infura API key:

  • Do not share publicly. Never share your API key publicly, such as in public repositories, client-side code, or public forums. This is equivalent to giving away your password.

  • Use environment variables. When developing locally or deploying your application, store your API key in environment variables instead of hardcoding it into your application. This prevents the API key from being exposed in your codebase.

  • Limit usage. Infura allows you to set daily request limits on your API key. Setting a limit can prevent excessive usage if your API key is exposed accidentally.

  • Monitor usage. Observe the usage statistics of your API key. If you notice an unexpected increase in usage, it might indicate that your API key has been compromised.