If you haven't yet received your
X-Api-Keytoken as part of your onboarding process then please contact support to resolve.
All API endpoints expect an X-Api-Key to be passed on each request as a header and you will receieve a separete API key for the production and playground environments.
How these keys are stored is your decision but consider keeping these secrets outside of your codebase, possibly in an environment variable or a dedicated secrets module such as Vault or AWS Secrets Manager
Note that all requests must be sent over HTTPS.
curl -X POST 'https://engine.play.onopen.xyz/stream' \
-H 'X-Api-Key: <string, required>' \
-H 'Content-Type: application/json'
fetch("https://api.playground.engine.get-blockchain.io/stream", {
headers: {
"Content-Type": "application/json",
"X-Api-Key": "<string, required>"
},
method: "POST"
})
import requests
headers = {
'X-Api-Key': '<string, required>',
'Content-Type': 'application/json',
}
response = requests.post('https://api.playground.engine.get-blockchain.io/stream', headers=headers)
Authentication failures will be returned with a 403 Forbidden status code and body:
{
"message": "Forbidden"
}
Key Rotation
Should you require a new key to be issued then please get in touch with your support contact who will assist you immediately. Key rotation through a self-service process is currently being worked on and updates will be provided as soon as this is ready.