How to use API Keys

To enhance the security and reliability of your integrations, Safe is introducing authenticated API access. Authenticated requests ensure that only authorized applications and developers can interact with our services, protecting your data and the overall ecosystem.

This guide explains how to generate an API key, use it for authenticated requests, and handle rate limits, errors, and security best practices.

Getting a Safe API Key

1. Visit the Safe API Dashboard (opens in a new tab).
2. Create an account (if you haven’t already).
3. Generate your API key in the API Keys section.

The API Key is a JWT, which is set to expire after 5 years.

Using Your API Key

To authenticate your requests, include your API key in the Authorization header. Below, there are different request examples. We use EIP3770 names for chains, so for example, for Ethereum Mainnet (eth):

Rate Limits and Usage Tiers

The Safe API currently has a default rate limit of 5 requests per second. If you require a higher rate limit, please contact us at support@safe.global to discuss upgrading your tier and to understand usage quotas.

Error Handling

If your API key is invalid or exceeds its rate limit, the API returns standard HTTP error codes:

• 401 Unauthorized: Invalid or missing API key.
• 429 Too Many Requests: Rate limit exceeded.

Make sure your application gracefully handles these errors to avoid disruptions.

Best Practices

• Store keys securely: Use environment variables or secure vaults instead of hard-coding API keys in your application.
• Rotate keys periodically: Periodically rotate your API keys to minimize potential security risks.
• Revoke compromised keys immediately: If an API key is compromised, revoke it immediately via the dashboard and generate a new one.

Need Help?

If you have questions or encounter issues, please reach out to our support team at support@safe.global.