Skip to main content

Authentication

This section explains how to authenticate requests to the Stakely Staking API and securely interact with its endpoints.

Create API keys

To use the Staking API, you must have an account on https://app.stakely.io. If you do not have one yet, you can register here.

Once registered, log in to your account. A single account provides access to all Stakely products, including the Staking API.

API keys are managed from the Staking API dashboard at https://app.stakely.io/staking-api. From there, you can create new keys, view existing ones, and revoke keys when no longer needed.

Using API keys

All API requests must be authenticated using an API key generated through the Staking API dashboard.

Include your API key in the X-API-KEY header with every request:

X-API-KEY: your-api-key-here

Examples and ready-to-use code snippets in different programming languages are provided in later sections of the documentation, within each network-specific integration guide.

Response signature verification (optional)

As an additional security measure, each HTTP response includes a cryptographic signature in the x-signature response header. This signature allows clients to verify the integrity and authenticity of the response payload.

The signature is generated by signing the SHA-256 hash of the HTTP response body using Stakely’s RSA private key. Clients can verify the signature using the corresponding RSA public key provided below.

Public key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TpKOJfmku7aEIrKaCMM
xjA10UCixAryVsB+PIoLKTEsUiNfctwbeXcpQuPOit9H7by+ezgg/A4SCog/Dtc7
fTp4Gnnq/adLNDllMeKoQCeIz/3N7TqItr+74NTAm6TkwR4lriIy/XiDpIak530f
8ZXFnmQTz3Cffbio3A9DhgwC5OWjSgkYdU35Rti36OGM6pnPlipxm7KD/9ddjc+H
vRY8o6kbp8Cy9QsXZqivHVvcFQ61gl8TMpgcziNgI+tDiof/SM6x6KGxuGT3s40J
TZ0g98GKgynkRW22OPfK3vP1FZ0UmIRJ6tAWYTNntGjLM+vM1OOsGk+5BmEkxy/B
HwIDAQAB
-----END PUBLIC KEY-----

Signature verification on the client side is optional but recommended, especially for integrations requiring additional guarantees around data integrity.

Example: signature verification in Node.js

const crypto = require('crypto');

function verifySignature(publicKey, data, signature) {
  const verifier = crypto.createVerify('RSA-SHA256');
  verifier.update(data);
  return verifier.verify(publicKey, signature, 'base64');
}

// Example usage
const publicKey = '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----';
const receivedData = '{"data":"Example payload"}';
const receivedSignature = 'signature-from-x-signature-header';

const isValid = verifySignature(publicKey, receivedData, receivedSignature);
console.log('Is the signature valid?', isValid);

Next steps

Once authenticated, you can start interacting with the network-specific staking endpoints described in the following sections.