Public & Secure API Keys
Stakefish API is a simple REST API that requires an API keys for authentication. But before getting started, it’s important to understand the purpose and usage of the two types of API keys: Public and Secure ones.
Public API Key
The Public API Key can be safely used on your website, and you don’t need to worry about it being exposed. If someone uses this key to stake validators, you will earn commission from their staking activities.
However, since this key is publicly accessible, additional steps are required for security:
- Message Signing: Your customers will need to confirm their ownership of the wallet by signing messages. This applies whenever they stake, exit a validator, or take similar actions.
- Example Message: Whenever staking or exiting a validator, customers will be prompted to sign a message like this:
Message signing ensures that the customer has control of the wallet they are staking from.
Secure API Key
The Secure API Key gives you full administrative powers. With this key, you can:
- Stake validators without requiring to sign messages using the enterprise staking endpoints.
- Exit validators from your organization using the enterprise staking endpoints. Including emergency exits.
This key must be kept private and secure. If leaked, it could allow unauthorized validator exits or drain allocated public keys, which can result in system abuse.
Key Differences
| API Key | Capabilities | Security |
|---|---|---|
| Public Key | Requires customers to sign messages before staking or exiting validators. | Safe to use on websites. Exposed keys won’t harm the system. |
| Secure Key | Allows staking, exiting, and managing validators without confirmation or message signing. | Must be protected at all costs to prevent unauthorized exits of your validators. |
Why Do I Need Public API Key?
Stakefish uses API Keys to link customers with organizations. The Public API Key ensures that any validators staked by customers are associated with your company, allowing you to receive commissions on their staking activities. It helps track which validators belong to your organization and prevent any mix-ups with other entities on the platform.
Using Public and Secure API Keys
Regardless of which API key you use (Public or Secure one), you will always need to pass it in the Authorization header of your API requests. Here's an example request:
curl -X GET "https://api.testnet.stake.fish/v1/eth/stake/v1/remaining-keys" \
-H "Authorization: YOUR_API_KEY"
- Replace
YOUR_API_KEYwith your Public or Secure API key. - This token authenticates your requests and provides access to the corresponding API operations.
Troubleshooting
If the request returns 0 or an error, it could indicate that you have run out of remaining keys. Please contact your account manager to allocate more validator public keys to your organization.
Updated about 2 months ago