Guides

Public & Secure API Keys

Suggest Edits

Ethereum Client Staking requires two different API keys for authentication and authorization. Each key type has specific security requirements and capabilities tailored for client-facing applications.

ℹ️

Note

While this section covers Ethereum-specific requirements, you can find comprehensive documentation about API keys here.

This authentication system balances security with user experience, allowing you to safely integrate staking capabilities into your application while protecting both your organization and your customers.

Public API Key

The Public API Key can be safely used on your website, and you don’t need to worry about it being exposed. If someone uses this key to stake validators, you will earn commission from their staking activities.

However, since this key is publicly accessible, additional steps are required for security:

  • Message Signing: Your customers will need to confirm their ownership of the wallet by signing messages. This applies whenever they stake, exit a validator, or take similar actions.
  • Example Message: Whenever staking or exiting a validator, customers will be prompted to sign a message like this:

Message signing ensures that the customer has control of the wallet they are staking from.

Secure API Key

The Secure API Key gives you full administrative powers. With this key, you can:

This key must be kept private and secure. If leaked, it could allow unauthorized validator exits or drain allocated public keys, which can result in system abuse.

Key Differences

API KeyCapabilitiesSecurity
Public KeyRequires customers to sign messages before staking or exiting validators.Safe to use on websites. Exposed keys won’t harm the system.
Secure KeyAllows staking, exiting, and managing validators without confirmation or message signing.Must be protected at all costs to prevent unauthorized exits of your validators.

Updated 1 day ago