This feature is exclusively available on paid plans (Developer, Scale, and Startup).

Upgrade your plan to access these security settings.

Overview

API key security settings provide essential protection mechanisms for your API access. By configuring these security measures, you can:

  • Control Access: Restrict API usage to specific IP addresses, preventing unauthorized access from unknown locations
  • Manage CORS: Whitelist specific domains to enable secure cross-origin requests from your applications
  • Secure UserOperations: Limit which addresses can perform sensitive operations like sending transactions and estimating gas

Implementing these security settings helps prevent unauthorized usage, protect against potential attacks, and ensure your API keys are only used as intended.

Whitelist IP Addresses

IP whitelisting is a crucial security measure that restricts API access to specific IP addresses. This ensures that only requests from trusted locations can use your API key.

1. Go to the Developer Portal and click Settings

Navigate to the settings section where you can manage your API key’s security configurations.

2. Choose the API key you want to configure

Select the specific API key you want to configure security settings for. Each API key can have its own unique security configuration.

3. Click the Add button to whitelist IP addresses

Initiate the process of adding a new IP address to your whitelist. This opens the form where you can specify the trusted IP.

4. Enter IP address and click Create

Specify the IP address you want to whitelist. This can be your server’s IP, office IP, or any other trusted location. After adding, only requests from these IPs will be allowed.

Whitelist Domains (CORS)

Domain whitelisting enables cross-origin resource sharing (CORS) for specific domains, allowing your web applications to interact with the API securely.

1. Click “Allowed Origins”

Access the domain whitelisting section to manage which websites can make requests using your API key.

2. Click the Add button

Start the process of adding a new domain to your whitelist. This ensures your web applications can communicate with the API.

3. Enter domain and click Create

Add the domain of your web application (e.g., https://etherspot.io). Only requests from whitelisted domains will be allowed to interact with the API.

Note: The domain has to match exactly, including the https:// prefix.
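
The exact-match rule in the note above can be checked before an entry is saved. The following is an added example, not part of Etherspot's documentation or code: it uses the standard URL API to compute the Origin value a browser sends and flags entries that would not be string-identical to it. The function names are hypothetical, the sample inputs are constructed, and exact string comparison is assumed from the note.

```javascript
// Added example (not Etherspot code). Function names are hypothetical.
// Assumption, taken from the note above: an entry matches only when it is
// string-identical to the Origin header the browser sends.

// Origin a browser sends for a page URL: scheme://host[:non-default-port].
function originOf(pageUrl) {
  return new URL(pageUrl).origin;
}

// Check one candidate "Allowed Origins" entry before saving it.
function checkOriginEntry(entry) {
  let url;
  try {
    url = new URL(entry);
  } catch {
    return { ok: false, reason: "not an absolute URL (scheme missing or malformed)", suggestion: null };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "scheme must be http or https", suggestion: null };
  }
  if (entry !== url.origin) {
    // Trailing slash, path, upper-case host, default port: never part of Origin.
    return { ok: false, reason: "not a bare origin", suggestion: url.origin };
  }
  return { ok: true, reason: "exact origin", suggestion: entry };
}

// Would a page at pageUrl match the allowlist under exact comparison?
function wouldMatch(pageUrl, allowedOrigins) {
  return allowedOrigins.includes(originOf(pageUrl));
}

// Constructed sample entries.
for (const entry of ["https://etherspot.io", "etherspot.io",
                     "https://etherspot.io/", "https://etherspot.io:443"]) {
  console.log(entry, "->", JSON.stringify(checkOriginEntry(entry)));
}
// A subdomain is a different origin, so it needs its own entry.
console.log(wouldMatch("https://app.example.com/pay", ["https://example.com"]));
```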

Whitelist Sender Addresses

Address whitelisting adds an extra layer of security by controlling which blockchain addresses can perform sensitive operations.

1. Click on Sender Addresses

Access the address whitelisting section to manage which blockchain addresses can perform specific operations.

This whitelisting applies to the following RPC methods:

  • eth_sendUserOperation
  • eth_estimateUserOperationGas
  • pm_getPaymasterData
  • pm_sponsorUserOperation
  • pm_getERC20TokenQuotes

2. Add address and click Create

Specify the blockchain address you want to whitelist. Only transactions and operations from these addresses will be processed, providing granular control over who can use specific RPC methods.