Authentication
Axol API supports two authentication methods: API Keys and JWT tokens.
API Keys
Best for server-side applications and long-lived integrations.
Getting Your API Key
- Sign up at axol.io
- Navigate to Dashboard → API Keys
- Click "Create New Key"
- Copy and secure your key immediately
Using API Keys
Header Authentication:
X-API-Key: your_api_key_here
Python SDK:
client = AxolClient(api_key="your_api_key")
cURL:
curl https://api.axol.io/v1/gas/ethereum \
-H "X-API-Key: your_api_key"
JWT Tokens
Best for client-side applications and temporary access.
Getting a JWT Token
# Exchange API key for JWT
response = client.auth.get_token(
api_key="your_api_key",
api_secret="your_api_secret"
)
token = response['access_token']
# Token expires in 1 hour by default
Using JWT Tokens
Header Authentication:
Authorization: Bearer your_jwt_token_here
Python SDK:
client = AxolClient(jwt_token="your_jwt_token")
Rate Limiting
Axol uses Compute Unit (CU) based rate limiting. Limits are per API key:
| Tier | Monthly CU Pool | Throughput (CUPs) | Trace CU Pool |
|---|---|---|---|
| Starter | 400M CUs | 50 CUs/sec | No access |
| Growth | 2B CUs | 330 CUs/sec | 100M |
| Scale | 12B CUs | 1,250 CUs/sec | 1B |
| Enterprise | Custom CUs | Custom CUs/sec | Custom |
CUPs (Compute Units Per Second): Maximum throughput rate. Monthly CU Pool: Total compute units available per month. Trace CU Pool: Separate allocation for trace_* and debug_* methods.
Check your current usage via response headers:
X-RateLimit-CU-Limit: 2000000000
X-RateLimit-CU-Remaining: 1950000000
X-RateLimit-CU-Reset: 1638360000
X-RateLimit-Trace-CU-Limit: 100000000
X-RateLimit-Trace-CU-Remaining: 95000000
Learn more: Pricing
Security Best Practices
DO:
- Store keys in environment variables
- Use JWT tokens for client applications
- Rotate keys regularly
- Use IP whitelisting for production
DON'T:
- Commit keys to version control
- Share keys between environments
- Use API keys in client-side code
- Log or display keys in errors
API Key Scopes
Control access with scopes:
read:blockchain- Read blockchain datawrite:transactions- Submit transactionsstream:websocket- Access WebSocket streamsadmin:account- Manage account settings
IP Whitelisting
Restrict API key usage to specific IPs:
# Configure in dashboard or via API
client.security.whitelist_ips([
"192.168.1.1",
"10.0.0.0/24"
])
Next Steps
- Quick Start - Make your first authenticated call
- WebSockets - Authenticate real-time connections
- API Reference - Full authentication endpoints