How to use API Keys

To enhance the security and reliability of your integrations, Safe Infrastructure uses authenticated API access. Authenticated requests ensure that only authorized applications and developers can interact with our services, protecting your data and the overall ecosystem.

This guide explains how to generate an API key, use it for authenticated requests, and handle rate limits, errors, and security best practices.

Getting a Safe API Key

1. Visit the developer dashboard (opens in a new tab).
2. Create an account (if you haven't already).
3. Generate your API key in the API Keys section.

The API Key is a JWT, which is set to expire after 5 years.

Using Your API Key

To authenticate your requests, include your API key in the Authorization header. Below, there are different request examples. We use EIP3770 names for chains, so for example, for Ethereum Mainnet (eth):

Rate Limits and Usage Tiers

Rate limits and monthly quotas depend on your plan:

For full details on enforcement behavior when limits are reached, see Quotas & Limits.

Error Handling

If your API key is invalid or exceeds its rate limit, the API returns standard HTTP error codes:

• 401 Unauthorized: Invalid or missing API key.
• 429 Too Many Requests: Rate limit or quota exceeded. See Quotas & Limits for how to handle this.

Make sure your application gracefully handles these errors to avoid disruptions.

Best Practices

• Store keys securely: Use environment variables or secure vaults instead of hard-coding API keys in your application.
• Rotate keys periodically: Periodically rotate your API keys to minimize potential security risks.
• Revoke compromised keys immediately: If an API key is compromised, revoke it immediately via the dashboard and generate a new one.

Need Help?

If you have questions or encounter issues, please reach out to our support team at support@safe.global.