Stakefish API uses two types of API keys to authenticate & authorize requests - Public and Secure ones.

Public API Key

The Public API Key can be safely used on your website, and you don’t need to worry about it being exposed. If someone uses this key to stake validators rewards will be associated with your account and you will earn commission.

However, since this key is publicly accessible, additional steps might be required. You can find more details in Network pages.

Secure API Key

The Secure API Key gives you full administrative powers such as emergency exits, or withdrawals.

This key must be kept private and secure. If leaked, it could allow unauthorized validator exits or drain allocated public keys, which can result in system abuse.

Key Differences

API Key	Capabilities	Security
Public Key	Designed to allow end-customers to directly interact with our API endpoints. Additional authentication may be required for some actions.	Safe to use on websites. Exposed keys won’t harm the system.
Secure Key	Allows staking, exiting, and managing validators without extra confirmation.	Must be protected at all costs to prevent unauthorized exits of your validators.

Why Do I Need Public API Key?

Public API Keys are used to link customers with organizations. It ensures that all staked tokens and validators will be credited to your organization, allowing you to earn commissions on your customer's staking activities.

Using Public and Secure API Keys

Regardless of which API key you use (public or secure one), you will always need to pass it in the Authorization header of your API requests. Here's an example request:

curl -X GET "https://api.testnet.stake.fish/v1/eth/stake/v1/remaining-keys" \
     -H "Authorization: YOUR_API_KEY"

Replace YOUR_API_KEY with your Public or Secure API key.
This token authenticates your requests and provides access to the corresponding API operations.

How To Create API Keys?

You can create API keys using Stakefish dashboard for institutions.