| sidebar_position | 3 |
|---|
import AppUrl from '@site/src/components/AppUrl';
This section explains how to authenticate requests to the Stakely Staking API and securely interact with its endpoints.
To use the Staking API, you must have an account on . If you do not have one yet, you can register here.
Once registered, log in to your account. A single account provides access to all Stakely products, including the Staking API.
API keys are managed from the Staking API dashboard at . From there, you can create new keys, view existing ones, and revoke keys when no longer needed.
All API requests must be authenticated using an API key generated through the Staking API dashboard.
Include your API key in the X-API-KEY header with every request:
X-API-KEY: your-api-key-hereExamples and ready-to-use code snippets in different programming languages are provided in later sections of the documentation, within each network-specific integration guide.
As an additional security measure, each HTTP response includes a cryptographic signature in the x-signature response header. This signature allows clients to verify the integrity and authenticity of the response payload.
The signature is generated by signing the SHA-256 hash of the HTTP response body using Stakely’s RSA private key. Clients can verify the signature using the corresponding RSA public key provided below.
Public key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TpKOJfmku7aEIrKaCMM
xjA10UCixAryVsB+PIoLKTEsUiNfctwbeXcpQuPOit9H7by+ezgg/A4SCog/Dtc7
fTp4Gnnq/adLNDllMeKoQCeIz/3N7TqItr+74NTAm6TkwR4lriIy/XiDpIak530f
8ZXFnmQTz3Cffbio3A9DhgwC5OWjSgkYdU35Rti36OGM6pnPlipxm7KD/9ddjc+H
vRY8o6kbp8Cy9QsXZqivHVvcFQ61gl8TMpgcziNgI+tDiof/SM6x6KGxuGT3s40J
TZ0g98GKgynkRW22OPfK3vP1FZ0UmIRJ6tAWYTNntGjLM+vM1OOsGk+5BmEkxy/B
HwIDAQAB
-----END PUBLIC KEY-----
Signature verification on the client side is optional but recommended, especially for integrations requiring additional guarantees around data integrity.
const crypto = require('crypto');
function verifySignature(publicKey, data, signature) {
const verifier = crypto.createVerify('RSA-SHA256');
verifier.update(data);
return verifier.verify(publicKey, signature, 'base64');
}
// Example usage
const publicKey = '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----';
const receivedData = '{"data":"Example payload"}';
const receivedSignature = 'signature-from-x-signature-header';
const isValid = verifySignature(publicKey, receivedData, receivedSignature);
console.log('Is the signature valid?', isValid);Once authenticated, you can start interacting with the network-specific staking endpoints described in the following sections.