Details: https://docs.infura.io/infura/networks/ethereum/how-to/secure-a-project
Patterns:
- Frontend/Mobile app:
+ Requests: 10/sec, 5000/day
+ Allowlists: Origins, Contract addresses, User agents (optional)
+ JWT required: Public (short expiration), Signed (long expiration)
- BE service:
+ Requests: x0/sec, x000/day
+ Allowlists: Contract addresses, User agents (optional)
+ Project secret required: JWT or API secret
Secure with API key secret
curl --user :<INFURA-API-KEY-SECRET> \
https://mainnet.infura.io/v3/<INFURA-API-KEY> \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
There are 2 ways to pass the secret:
#1. Add basic authentication to header:
Header {
Authorization: Basic base64(':<INFURA-API-KEY-SECRET>')
}
In web3, set this through the HTTP provider's custom headers and agent options: https://web3js.readthedocs.io/en/v1.7.4/web3.html
#2. Use credentialed URLs
https://:<INFURA-API-KEY-SECRET>@mainnet.infura.io/v3/<INFURA-API-KEY>
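Both ways end up as the same Authorization header on the wire. The added example below (not Infura's or web3's code) builds the header for #1, converts a credentialed URL from #2 into a credential-free URL plus header, and redacts the secret before a URL is logged. The function names and the sample key and secret are made up for illustration.

```javascript
// Added example: function names and sample values are hypothetical.
// Runs on Node.js (uses the global Buffer and URL).

// Way #1: empty username, API key secret as the password.
function basicAuthHeader(apiKeySecret) {
  const token = Buffer.from(`:${apiKeySecret}`, 'utf8').toString('base64');
  return `Basic ${token}`;
}

// Way #2 -> #1: take the secret out of the URL so it is not carried in a
// string that tends to end up in logs, error messages and metrics labels.
function splitCredentialedUrl(credentialedUrl) {
  const u = new URL(credentialedUrl);
  if (u.protocol !== 'https:') {
    throw new Error('refusing to send the secret over a non-HTTPS endpoint');
  }
  const secret = decodeURIComponent(u.password); // URL keeps it percent-encoded
  if (u.username !== '' || secret === '') {
    throw new Error('expected the form https://:<secret>@host/v3/<key>');
  }
  u.username = '';
  u.password = '';
  return { url: u.toString(), headers: { Authorization: basicAuthHeader(secret) } };
}

// Request description for the same eth_blockNumber call as the curl command.
// Pass it to fetch(url, options) or copy the header into the web3 provider.
function blockNumberRequest(credentialedUrl) {
  const { url, headers } = splitCredentialedUrl(credentialedUrl);
  return {
    url,
    options: {
      method: 'POST',
      headers: { ...headers, 'Content-Type': 'application/json' },
      body: JSON.stringify({ jsonrpc: '2.0', method: 'eth_blockNumber', params: [], id: 1 }),
    },
  };
}

// Use before writing any endpoint URL to a log line.
function redactUrl(anyUrl) {
  const u = new URL(anyUrl);
  if (u.password) u.password = 'REDACTED';
  return u.toString();
}
```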