Guides

Public & Secure API Keys

Suggest Edits

Stakefish API is a simple REST API that requires an API keys for authentication. But before getting started, it’s important to understand the purpose and usage of the two types of API keys: Public and Secure ones.

Public API Key

The Public API Key can be safely used on your website, and you don’t need to worry about it being exposed. If someone uses this key to stake validators, you will earn commission from their staking activities.

However, since this key is publicly accessible, additional steps are required for security:

  • Message Signing: Your customers will need to confirm their ownership of the wallet by signing messages. This applies whenever they stake, exit a validator, or take similar actions.
  • Example Message: Whenever staking or exiting a validator, customers will be prompted to sign a message like this:

Message signing ensures that the customer has control of the wallet they are staking from.

Secure API Key

The Secure API Key gives you full administrative powers. With this key, you can:

  • Stake validators without requiring to sign messages.
  • Exit validators from your organization. Including emergency exits.

This key must be kept private and secure. If leaked, it could allow unauthorized validator exits or drain allocated public keys, which can result in system abuse.

Key Differences

API KeyCapabilitiesSecurity
Public KeyRequires customers to sign messages before staking or exiting validators.Safe to use on websites. Exposed keys won’t harm the system.
Secure KeyAllows staking, exiting, and managing validators without confirmation or message signing.Must be protected at all costs to prevent unauthorized exits of your validators.

Why Do I Need Public API Key?

Stakefish uses API Keys to link customers with organizations. The Public API Key ensures that any validators staked by customers are associated with your company, allowing you to receive commissions on their staking activities. It helps track which validators belong to your organization and prevent any mix-ups with other entities on the platform.

Using Public and Secure API Keys

Regardless of which API key you use (Public or Secure one), you will always need to pass it in the Authorization header of your API requests. Here's an example request:

curl -X GET "https://api.testnet.stake.fish/v1/eth/stake/v1/remaining-keys" \
     -H "Authorization: YOUR_API_KEY"
  • Replace YOUR_API_KEY with your Public or Secure API key.
  • This token authenticates your requests and provides access to the corresponding API operations.

Troubleshooting

If the request returns 0 or an error, it could indicate that you have run out of remaining keys. Please contact your account manager to allocate more validator public keys to your organization.

Updated 7 days ago