# Authentication

### Overview

Our API requires authentication for all requests. We use API keys to authenticate requests and determine permission levels. Your API key carries many privileges, so be sure to keep it secure. Do not share your API key in publicly accessible areas such as GitHub, client-side code, or your application's source code.

### Obtaining an API Key

To get an API key:

1. Sign in to your account dashboard at <https://rpc.forbole.com/>
2. Navigate to the "API Keys" section or settings
3. Click the API key to copy

Store your API key securely. For security reasons, we only show your key once at creation time.

### Using Your API Key

You can authenticate with your API key in two ways:

#### Option 1: Query Parameter

Add the `apikey` parameter to your request URL:

```
https://api.example.com/v1/resource?apikey=YOUR_API_KEY
```

#### Option 2: Request Header

Send your API key in an HTTP header:

```
apikey: YOUR_API_KEY
```

We strongly recommend using the header method whenever possible. It keeps your API key out of the request URL, which servers typically record in their access logs.

### Authentication with Different Protocols

#### REST over HTTP

**Using header (recommended):**

```bash
curl -X GET "https://api.example.com/v1/resource" \
  -H "apikey: YOUR_API_KEY"
```

**Using query parameter:**

```bash
curl -X GET "https://api.example.com/v1/resource?apikey=YOUR_API_KEY"
```

#### gRPC

When using gRPC, include your API key as metadata:

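```python
import grpc
import service_pb2_grpc  # generated from your .proto file

# TLS channel (assumes the endpoint serves TLS); a plaintext channel would expose the API key in transit
channel = grpc.secure_channel('api.example.com:50051', grpc.ssl_channel_credentials())
metadata = [('apikey', 'YOUR_API_KEY')]
stub = service_pb2_grpc.ServiceStub(channel)
# `request` is a message built from your generated service_pb2 types
response = stub.Method(request, metadata=metadata)
```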

#### WebSockets

When establishing a WebSocket connection, include your API key in the connection URL or in the WebSocket headers:

**Using query parameter:**

```javascript
const socket = new WebSocket('wss://api.example.com/v1/socket?apikey=YOUR_API_KEY');
```

**Using header (recommended):**

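```javascript
// The browser WebSocket API cannot set custom headers; this uses the Node.js `ws` package.
const WebSocket = require('ws');
const socket = new WebSocket('wss://api.example.com/v1/socket',
  { headers: { apikey: 'YOUR_API_KEY' } });
```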

### Security Best Practices

1. **Keep your API key private** - Never expose your API key in public repositories or client-side code
2. **Use environment variables** - Store your API key in environment variables rather than hardcoding
3. **Rotate keys regularly** - Generate new API keys periodically and deprecate old ones
4. **Use specific permissions** - Create keys with the minimum necessary permissions
5. **Monitor usage** - Regularly review API usage logs for suspicious activity
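
The header recommendation and the environment-variable practice above can be enforced in client code. This is an added example, not part of the original documentation or any official SDK. The variable name `RPC_API_KEY` and the function names are assumptions, and `api.example.com` is the placeholder host used on this page.

```python
import os
import urllib.request
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

ENV_VAR = "RPC_API_KEY"   # assumed variable name, not defined by the page
KEY_PARAM = "apikey"      # header / query parameter name from the page


def load_api_key(env=os.environ):
    """Read the key from the environment; fail loudly instead of sending an empty key."""
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set")
    return key


def redact_url(url):
    """Return the URL with any apikey query value masked, safe to write to logs."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() == KEY_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def build_request(url, api_key):
    """Build a GET request that carries the key in the header only, over TLS."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if any(k.lower() == KEY_PARAM for k, _ in pairs):
        # Report the problem without echoing the key into logs or tracebacks.
        raise ValueError("API key found in query string: " + redact_url(url))
    return urllib.request.Request(url, headers={KEY_PARAM: api_key}, method="GET")


if __name__ == "__main__":
    req = build_request("https://api.example.com/v1/resource", load_api_key())
    print("GET", redact_url(req.full_url))  # the key itself is never printed
    # urllib.request.urlopen(req) would send it; api.example.com is a placeholder
```

`redact_url` is also useful on its own when a legacy integration still passes the key as a query parameter and request URLs end up in application logs.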

### Rate Limiting

Authentication also enables us to associate requests with your account for rate limiting purposes. Each API key has limits based on your subscription tier. Check your dashboard for your current rate limits and usage statistics.

