Authentication

Overview

Our API requires authentication for all requests. We use API keys to authenticate requests and determine permission levels. Your API key carries many privileges, so be sure to keep it secure. Do not share your API key in publicly accessible areas such as GitHub, client-side code, or in your application's source code.

Obtaining an API Key

To get an API key:

  1. Sign in to your account dashboard at https://rpc.forbole.com/

  2. Navigate to the "API Keys" section or settings

  3. Click the API key to copy

Store your API key securely. For security reasons, we only show your key once at creation time.

Using Your API Key

You can authenticate with your API key in two ways:

Option 1: Query Parameter

Add the apikey parameter to your request URL:

https://api.example.com/v1/resource?apikey=YOUR_API_KEY

Option 2: Request Header

Send your API key in an HTTP header:

apikey: YOUR_API_KEY

We strongly recommend using the header method whenever possible, as this prevents your API key from being logged in server access logs.

Authentication with Different Protocols

REST over HTTP

Using header (recommended):

curl -X GET "https://api.example.com/v1/resource" \
  -H "apikey: YOUR_API_KEY"

Using query parameter:

curl -X GET "https://api.example.com/v1/resource?apikey=YOUR_API_KEY"

gRPC

When using gRPC, include your API key as metadata:

import grpc

channel = grpc.insecure_channel('api.example.com:50051')
metadata = [('apikey', 'YOUR_API_KEY')]
stub = service_pb2_grpc.ServiceStub(channel)
response = stub.Method(request, metadata=metadata)

WebSockets

When establishing a WebSocket connection, include your API key in the connection URL or in the WebSocket headers:

Using query parameter:

const socket = new WebSocket('wss://api.example.com/v1/socket?apikey=YOUR_API_KEY');

Using header (recommended):

const socket = new WebSocket('wss://api.example.com/v1/socket');
socket.setRequestHeader('apikey', 'YOUR_API_KEY');

Security Best Practices

  1. Keep your API key private - Never expose your API key in public repositories or client-side code

  2. Use environment variables - Store your API key in environment variables rather than hardcoding

  3. Rotate keys regularly - Generate new API keys periodically and deprecate old ones

  4. Use specific permissions - Create keys with the minimum necessary permissions

  5. Monitor usage - Regularly review API usage logs for suspicious activity

Rate Limiting

Authentication also enables us to associate requests with your account for rate limiting purposes. Each API key has limits based on your subscription tier. Check your dashboard for your current rate limits and usage statistics.

Last updated

Was this helpful?