API Keys
Stakefish API is a simple REST API that requires an API key for authentication. Before getting started, it’s important to understand the purpose and usage of the two types of API keys: Public and Secure.
Public API Key
The Public API Key can be safely used on your website, and you don’t need to worry about it being exposed. If someone uses this key to stake validators.
However, since this key is publicly accessible, additional steps are required for security:
- Message Signing: For some actions, including managing their ETH validators, your customers will need to confirm their ownership of the wallet by signing messages.
- Example Message: Whenever staking or exiting an Ethereum validator, customers will be prompted to sign a message like this:
Message signing ensures that the customer has control of the wallet they are staking from.
Secure API Key
The Secure API Key gives you full administrative powers. With this key, you can:
- Stake Ethereum validators using the enterprise staking endpoints, without requiring message signing.
- Exit Ethereum validators from your organization using the enterprise staking endpoints, including emergency exits.
This key must be kept private and secure. If leaked, it could allow unauthorized validator exits or drain allocated public keys, which can result in system abuse.
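A pre-deploy check for the rule above, as an added example that is not part of the Stakefish documentation: it fails if the Secure API Key appears in files destined for a website, where only the Public API Key belongs. The STAKEFISH_SECURE_KEY variable name, the function name and the build directory are assumptions.

```shell
#!/bin/sh
# Added example (not Stakefish code). Assumptions: the Secure API Key is in
# the STAKEFISH_SECURE_KEY environment variable, and the files that will be
# served to browsers live under one directory (for example ./dist).

# Print every file under $1 that contains the Secure key, verbatim or as the
# base64 encoding of the key on its own.
# Returns 0 if clean, 1 if the key was found, 2 on usage or grep errors.
find_secure_key_leaks() {
    dir=$1
    key=${STAKEFISH_SECURE_KEY:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # An empty pattern would match every file, so refuse to run without a key.
    [ -n "$key" ] || { echo "STAKEFISH_SECURE_KEY is not set" >&2; return 2; }

    key_b64=$(printf '%s' "$key" | base64 | tr -d '\n')

    # Patterns are fed on stdin (-f -) so the key never appears in argv,
    # where other local users could read it from the process list.
    # -r recurse, -l list file names only, -F match fixed strings, not regexes.
    status=0
    leaks=$(printf '%s\n%s\n' "$key" "$key_b64" | grep -rlF -f - -- "$dir") || status=$?

    case $status in
        0) printf '%s\n' "$leaks"; return 1 ;;  # grep matched: key is exposed
        1) return 0 ;;                          # grep found nothing: clean
        *) return 2 ;;                          # grep itself failed
    esac
}

# Run as a script: sh check_secure_key.sh ./dist
if [ "$#" -gt 0 ]; then
    find_secure_key_leaks "$1"
fi
```

A non-zero exit should block the deploy. A key reported here should be treated as leaked and replaced, not only removed from the build.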
Key Differences
API Key | Capabilities | Security |
---|---|---|
Public Key | Designed to allow end-customers to directly interact with our API endpoints. Message authentication may be required for some actions. | Safe to use on websites. Exposed keys won’t harm the system. |
Secure Key | Allows staking, exiting, and managing validators without confirmation or message signing. | Must be protected at all costs to prevent unauthorized exits of your validators. |
Why Do I Need a Public API Key?
Stakefish uses API Keys to link customers with organizations. The Public API Key ensures that any validators staked by customers are associated with your company, allowing you to receive commissions on their staking activities. It helps track which validators belong to your organization and prevent any mix-ups with other entities on the platform.
Using Public and Secure API Keys
Regardless of which API key you use (Public or Secure), you will always need to pass it in the Authorization header of your API requests. Here's an example request:
curl -X GET "https://api.testnet.stake.fish/v1/eth/stake/v1/remaining-keys" \
-H "Authorization: YOUR_API_KEY"
- Replace YOUR_API_KEY with your Public or Secure API key.
- This token authenticates your requests and provides access to the corresponding API operations.