Security
A guide to security and management of Nirvana Labs API keys.
Nirvana Labs uses a combination of tools and mechanisms to secure network endpoints and users' API keys.
Next-Generation Web Application Firewall (WAF)
Nirvana Labs deploys Fastly Next-Gen WAF by Signal Sciences to secure API requests without impacting performance. The hybrid software as a service (SaaS) solution is infrastructure-agnostic with a patented approach, developed by Signal Sciences, to easily scale and protect even the highest volume applications and APIs.
We deploy Fastly's Next-Gen WAF, powered by Signal Sciences, directly on the node's virtual machine (VM) to safeguard the node's RPC API gateway from potential malicious requests. This ensures real-time and continuous protection from Malicious bots, Account Takeover/Credential Stuffing, API Abuse, App DDoS, Advanced Rate Limiting, Virtual Patching, and more.
API Keys
Nirvana Labs uses an API Key in URL (Path Parameter) to authenticate API requests. The API key is directly embedded in the request's URL and point to a specific REST API resource. An example of a URL-based API request is:
curl -X POST https://eth-mainnet.g.nirvanalabs.io/v2/demo \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
Share API key access
Team account holders can share access to their Nirvana Labs API keys with other account members.
To share an API key:
- In the Dashboard, select the API that you want to share.
- Select the API Key Sharing tab.
- If you haven't shared the API key yet, select Invite Members.
- Type one or more user emails, assign the user role, and select Share API Key.
- Select Confirm.
Creating a new API key
To create a new API key, go to the Security tab in your Dashboard and click on the Refresh button next to your current API key.
A pop-up window will notify you that you are about to generate a new API key to replace the existing one. Click on Confirm to continue.
The new API key will overwrite the previous one and will be used by Nirvana Labs to authenticate all your API requests.
User roles
Administrator
The Nirvana Labs account owner who created the API key.*
- Can change roles, and revoke and resend invites.
- Can edit security settings and view API key statistics.
- Can delete the API key.
- View billing details.
*Ownership of an API key cannot be changed once created.
Developer
- Has access to the API key name, security settings, and collaborator list.
- Can edit security settings and view API key statistics.
- Can delete the API key.
- View billing details.
Accept an invitation
You'll receive an email invitation to access an API key. In the email invitation, select Confirm and accept the invitation.
You can view all keys that you own, and all keys shared with you, by selecting Key Sharing in the Dashboard.
Updated about 1 year ago