Skip to main content
API keys are essential for authenticating and accessing Winnie’s services. This guide explains how to manage and use your API keys effectively.

Understanding API Keys

API keys serve as your authentication credentials when making requests to Winnie’s services. Each key is associated with your account and plan, determining your rate limits and permissions.
Protect your API keys like passwords. Never expose them in client-side code or public repositories.

Key Types

Standard API Key

General-purpose keys for accessing all services

Restricted API Key

Keys with limited permissions for specific services

Dedicated API Key

High-performance keys for dedicated nodes

Generating an API Key

1

Log in to your Winnie Dashboard

Visit dashboard.henlo-winnie.dev and sign in to your account
2

Navigate to API Keys section

Find the “API Keys” section in the dashboard menu
3

Generate a new key

Click the “Generate New Key” button and provide a name for your key
4

Set permissions (optional)

If creating a restricted key, select the specific permissions
5

Copy and store securely

Copy your new API key and store it securely - you won’t be able to view it again

Using API Keys

In the URL

curl -X POST https://api.henlo-winnie.dev/v1/mainnet/YOUR_API_KEY \
  -H "Content-Type: application/json" \
  --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

Security Best Practices

Never expose your API keys in client-side code, public repositories, or insecure locations.
Periodically generate new API keys and deprecate old ones, especially for production environments.
Store API keys in environment variables rather than hardcoding them in your application.
Restrict API key usage to specific IP addresses for enhanced security.
Create keys with only the permissions they need for their specific use case.

Permissions

API keys can be configured with granular permissions:
PermissionDescription
rpcAccess to RPC endpoints
webhooksAbility to create and manage webhooks
analyticsAccess to analytics data
adminAdministrative capabilities (use with caution)

Monitoring and Analytics

Monitor your API key usage in the dashboard:
  • Track request volume and patterns
  • View historical usage data
  • Set up alerts for unusual activity
  • Identify performance bottlenecks

Troubleshooting

Verify that you’re using the correct API key and that it hasn’t been revoked. Check for typos in the key string.
Ensure you’re sending the API key correctly in the URL.
Check your current plan’s rate limits. Consider upgrading your plan or implementing rate limiting on your side.