API Keys
All API requests require authentication using an API key passed in the x-api-key header.
Getting Your API Key
- Visit developers.webacy.co to sign up
- Generate your API key
- Copy and securely store your key
Keep your API key secure. Do not expose it in client-side code or public repositories.
Using Your API Key
Include your API key in the x-api-key header with every request:
Example Requests
curl -X GET "https://api.webacy.com/addresses/0x742d35Cc6634C0532925a3b844Bc454e4438f44e?chain=eth" \
-H "x-api-key: YOUR_API_KEY"
Authentication Errors
| Status Code | Description |
|---|
| 401 | Missing or invalid API key |
| 403 | API key lacks required permissions |
| 429 | Rate limit exceeded (see Rate Limits) |
Example Error Response
{
"message": "Unauthorized"
}
Best Practices
Store your API key in environment variables, not in your code.
- Rotate keys periodically - Generate new keys and deprecate old ones on a regular schedule
- Use separate keys - Maintain different keys for development, staging, and production
- Monitor usage - Check the API Usage endpoint regularly
- Revoke compromised keys - If a key is exposed, revoke it immediately in your dashboard
- Server-side only - Never expose your API key in client-side code or mobile apps
