API Keys - Solami

API keys authenticate your requests to Solami services. Each key type unlocks a specific service, so you only expose the access your application needs.

Key types

Type	Purpose
RPC Key	JSON-RPC, WebSocket, and REST API access
gRPC Key	gRPC streaming connections (Yellowstone)
SWQoS Key	Stake-weighted QoS transaction sending
API Key	General API access

Create a key

Open the API Keys dashboard

Go to Dashboard → API Keys and click Create Key.

Name and type your key

Enter a label (for example, production-rpc) and select the key type that matches the service you’re using.

Copy and store your key

Copy the key immediately and save it somewhere secure — a secrets manager, environment variable, or password vault.

Your key is shown only once. After you dismiss this dialog, you cannot retrieve it again. If you lose it, revoke the key and create a new one.

Use your key

You can pass your key either as a query parameter or as an Authorization header. Both methods work for all Solami endpoints.

Query parameter
Authorization header

Append ?api_key=YOUR_API_KEY to the endpoint URL.

curl "https://rpc.solami.fast/sol?api_key=YOUR_API_KEY" \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"getSlot","params":[]}'

Pass the key as a Bearer token in the Authorization header. Use this approach when you prefer to keep keys out of URLs and server logs.

curl "https://rpc.solami.fast/sol" \
  -X POST \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"getSlot","params":[]}'

Endpoint URLs by service

Service	URL
RPC	`https://rpc.solami.fast/sol?api_key=YOUR_API_KEY`
WebSocket	`wss://rpc.solami.fast/ws/sol?api_key=YOUR_API_KEY`
gRPC	`https://grpc.solami.fast?api_key=YOUR_API_KEY`

Revoke a key

Go to Dashboard → API Keys, find the key you want to remove, and click Revoke. Revoked keys stop working immediately — there is no grace period.

Best practices

One key per app

Use a separate key for each application or environment. This limits blast radius if a key is exposed and makes it easier to rotate access without downtime.

Rotate regularly

Create a new key, update your application, then revoke the old one. Rotating keys periodically reduces the risk of long-lived credentials being compromised.

Use the right key type

Use a SWQoS Key when sending transactions, a gRPC Key for streaming connections, and an RPC Key for everything else. Avoid using a single key for all services.

Never commit keys

Keep keys out of source code and version control. Use environment variables or a secrets manager like AWS Secrets Manager, HashiCorp Vault, or Doppler.

​Key types

​Create a key

​Use your key

​Endpoint URLs by service

​Revoke a key

​Best practices

One key per app

Rotate regularly

Use the right key type

Never commit keys

Key types

Create a key

Use your key

Endpoint URLs by service

Revoke a key

Best practices