Skip to content
Documentation
API Access
API Keys

API Keys

API keys are how your project identifies itself to us for authentication and rate limiting purposes. If you do not use an API key, your client will be considered “anonymous” and subject to significantly lower rate limits. You can learn how to attach an API key to your requests on the overview page of any project.

As a general rule, you should only use one API key at a time per project. Aptos Build supports multiple keys for a single project only to enable key rotation in case a key is leaked.

To be clear, you should create different projects for different purposes, even for the same application. For example, if your dapp is composed of a frontend and a backend, you should create two different projects: one for the frontend and one for the backend.

Project Types

When creating an project, you will be prompted to select an project type:

  • Backend: If your project runs in an environment where you can keep an API key secret, select this type. This is generally anything that runs in a backend such as an indexer processor or fee payer server.
  • Web App: If your project is a frontend web app (dapp), select this type. These apps include a public ID with their requests, an ID type that is okay to expose publicly. You need to provide the URL of your dapp when creating an project of this type.
  • Browser Extension: If your project is a browser extension, select this type. Often this means wallets. Similar to web apps you provide a public ID instead of an API key. Unlike web apps, you provide the extension ID rather than a URL.
  • Mobile: If your project is a mobile app, select this type.

The latter three of these are considered “frontend” projects. Ratelimiting for frontend projects is more complex than for backend projects. Clients of frontend projects are ratelimited in two ways:

  • Project limit: The entire project has a CU limit, just like a backend project. For example, if the project has a limit of 1,000,000 CUs per 5-minute window and each user uses on average 20,000 CUs per 5-minute window, the project can support on average 50 concurrent users.
  • Per-IP limit: You can configure a per-IP limit, to ensure no single user can consume too much of the project limit, e.g. 10,000 CUs per 5-minute window.

Learn more about quotas and rate limits here.

Key Types

  • Confidential key: Used with the backend project type. They look like aptoslabs_aXjFX8fDdZv_AXMynDZvp711WTBpSBmqLyj12RV9RFA6B. Keep these secret.
  • Public ID: Used with the web app and browser extension project types. They look like AG-FL4PYMZ1YX1LGAJCWP2R1ACYTYRCBY1GB. We perform additional checks and analytics to ensure the use of these IDs is authentic.
API AccessQuotas