Skip to content

Authentication

Every request needs an API key. Send it as a header, or in the URL path.

Every request to an ethnodeops.xyz endpoint must be authenticated with an API key. There are two ways to supply it — pick whichever fits your tooling.

Send your key in the X-API-Key header. This keeps the key out of URLs, logs, and browser history, so it's the recommended approach.

header 
X-API-Key: YOUR_API_KEY
bash 
curl https://hoodi.rpc.ethnodeops.xyz \
  -H "X-API-Key: YOUR_API_KEY" \
  -X POST -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

Key in the URL path

If your use case can't set a custom header, place the key in the URL path directly after the domain. Everything after the key is treated as the normal request path.

url 
https://hoodi.rpc.ethnodeops.xyz/YOUR_API_KEY
bash 
curl https://hoodi.rpc.ethnodeops.xyz/YOUR_API_KEY \
  -X POST -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

The same applies to the Consensus Layer REST API — the key goes first, then the REST path:

bash 
curl https://hoodi.ebeacon.ethnodeops.xyz/YOUR_API_KEY/eth/v1/node/version

Keeping your key safe

  • Treat your API key like a password — don't commit it to source control.
  • Prefer the X-API-Key header over the URL path; URLs are more likely to end up in logs and analytics.
  • Load it from an environment variable or secret manager in your apps.
  • If a key is exposed, email node-infrastructure@ethereum.org and we'll rotate it.

Requesting a key

Don't have a key yet? Get in touch and we'll set you up.

Reach out to the Node Infrastructure team:

Message us on Mattermost → Or email node-infrastructure@ethereum.org

When you get in touch, please tell us:

  • Whether the key is for you as an individual or a shared team key
  • Your name or team
  • A short description of your use case