API Key Security
API keys authenticate your application to the Sorted.fund backend. Keep them secret. Never commit keys to git or expose them in client-side code. Keys are only shown once at creation - save them securely.
How to Use API Keys

Authorization Header

Include your API key in the Authorization header:

// YOUR_API_KEY_HERE and the '0x...' values are placeholders.
fetch('http://localhost:3000/sponsor/authorize', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_API_KEY_HERE'
  },
  body: JSON.stringify({
    projectId: 'test-game',
    user: '0x...',
    target: '0x...',
    selector: '0x...',
    estimatedGas: 500000,
    clientNonce: '0x...',
    chainId: 14601
  })
})

Rate Limits

Each API key has a rate limit (requests per minute). Default is 100 req/min. If you exceed the limit, you'll receive a 429 error.

Security Best Practices

  • Store keys in environment variables (.env file)
  • Never commit keys to version control
  • Rotate keys regularly (every 90 days)
  • Use different keys for dev/staging/production
  • Revoke compromised keys immediately
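
The following is an added example, not Sorted.fund's own code: a server-side Node.js wrapper for the request above that reads the key from the environment, retries on 429, and strips the key from error text before it can reach logs. The variable names SORTED_API_KEY and SORTED_API_URL, the helper names, and the handling of a Retry-After header are assumptions.

```javascript
// Added example: run server-side only. SORTED_API_KEY and SORTED_API_URL are
// assumed variable names, not names defined by Sorted.fund.
function buildAuthorizeRequest(env, payload) {
  const key = env.SORTED_API_KEY;
  if (!key) throw new Error('SORTED_API_KEY is not set'); // fail closed, no literal fallback
  const base = env.SORTED_API_URL || 'http://localhost:3000';
  return {
    url: `${base}/sponsor/authorize`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${key}` },
      body: JSON.stringify(payload),
    },
  };
}

// Delay before retrying a 429. Honors Retry-After in seconds if the server
// sends one (assumption); otherwise exponential backoff capped at 30 s.
function retryDelayMs(retryAfterHeader, attempt) {
  const secs = Number(retryAfterHeader);
  if (retryAfterHeader && Number.isFinite(secs) && secs >= 0) return Math.min(secs * 1000, 60000);
  return Math.min(1000 * 2 ** attempt, 30000);
}

// Replace the key with a marker before text reaches logs or error reports.
function redactKey(text, key) {
  return key ? String(text).split(key).join('[REDACTED]') : String(text);
}

// fetchImpl and sleep are injectable so the retry logic can be tested offline.
async function authorizeSponsorship(env, payload, opts = {}) {
  const { fetchImpl = fetch, maxRetries = 3 } = opts;
  const sleep = opts.sleep || ((ms) => new Promise((r) => setTimeout(r, ms)));
  const { url, init } = buildAuthorizeRequest(env, payload);
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(url, init);
    if (res.status === 429 && attempt < maxRetries) {
      await sleep(retryDelayMs(res.headers.get('retry-after'), attempt));
      continue;
    }
    if (!res.ok) {
      const detail = redactKey(await res.text(), env.SORTED_API_KEY);
      throw new Error(`authorize failed: HTTP ${res.status} ${detail}`);
    }
    return res.json();
  }
}
```

Call it as authorizeSponsorship(process.env, payload) from backend code, with the .env file listed in .gitignore.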