api-keys.mdx

Developers have open access to Hiro's APIs without the use of an API key, but are subject to Hiro's rate limit policy. For developers who need access beyond these rate limits, we provide API keys.

If you're interested in obtaining an API key, you can generate one for free in the [Hiro Platform](https://platform.hiro.so) by creating an account.

All API keys are set by default to the free "starter" account tier, which comes with a 900RPM rate limit. For builders who need access to higher API rate limits, dedicated support channels, and reliability guarantees through SLAs, you can upgrade your account tier through the Hiro Platform.

Usage with cURL

The API key is passed in the header of your HTTP API request with x-api-key.

$ curl https://api.hiro.so/... -H 'x-api-key: <your-api-key>'

Usage with Node

This snippet shows how to perform a fetch request with your API key by including it in the request headers.

async function makeApiRequest(apiKey: string) {
  const url = `https://api.hiro.so/<your-api-endpoint>`;
  const response = await fetch(url, {
    headers: {
      "x-api-key": apiKey
    }
  });
  return response.json();
}

Usage with Stacks.js

import { createApiKeyMiddleware, createFetchFn } from "@stacks/common";
import { makeContractCall } from '@stacks/transactions';

const apiMiddleware = createApiKeyMiddleware({
  apiKey: "<your-middleware>",
});

const customFetchFn = createFetchFn(apiMiddleware);

const txOptions = {
  // ... standard transaction options
  client: {
    fetch: customFetchFn,
  },
};

const transaction = await makeContractCall(txOptions);

The API key is passed in the header of your HTTP API request and is used only for private use, like in server-side applications.

If you use the API key in your client-side application, attackers can capture it using the client tools (E.g., browser console) and abuse your API key.