Introduction

Overview

Supported Networks

Quickstart Guides

Pricing

Pricing FAQ

API Reference

Endpoints Details

Rate Limiting

Api key

API Key Best Practices

API Key Revocation

Endpoints

Retrieve SDK Defaults

Create Account

Get InitCode

Send UserOp

Get UserOp status

Sign UserOp for Paymaster Sponsorship

Get Account Info

Recover account

Notarize

Get Notarizations

Proof of Inclusion

Get Task Status

Get Task by UserOp Hash

Send Delegated Tx

SDK Reference

Getting Started

Changes

Builder

Core SDK

Admin SDK

Ethers Adapters

Support

Contact us

On this page

API Key Security Best Practices

DO

Store API keys as environment variables (e.g., .env or a secret manager)
Rotate API keys periodically (every 3–6 months)
Apply the principle of least privilege (scopes/permissions)
Monitor API key usage from the dashboard

DON'T

Never commit API keys to source control
Do not expose API keys on the client side (browser)
Do not share API keys publicly

Pager

Previous pageRate Limiting

Next pageAPI Key Revocation

API Key Security Best Practices ​

DO ​

DON'T ​

API Key Security Best Practices

DO

DON'T