theRPC
BNB Smart Chain

BNB Smart Chain

Authentication

Every BNB Smart Chain request you send through TheRPC must carry a valid API key. Unauthenticated traffic to the chainId 56 endpoint is rejected before it reaches a node. This guide explains where to generate that key, the two ways you can present it (in the https://bsc.therpc.io/YOUR_API_KEY URL path or as a Bearer header), the security habits that keep it from leaking, and how to read the JSON-RPC error you get back when authentication fails.

Getting an API Key

  • Sign up for a free account at TheRPC.io.
  • Open the Dashboard once you are logged in.
  • Go to the API Keys section.
  • Generate a key and copy it for use in your BNB Smart Chain endpoint URL.

Using Your API Key

Alongside placing the token in the request path, TheRPC accepts the key through the standard Authorization header using the Bearer scheme, shown in the examples below. Whichever style you choose, the credential has to accompany every single call to the BNB Smart Chain gateway. There is no session or cookie, so a request that omits the key will not be processed.

HTTP Headers

Authorization: Bearer YOUR_API_KEY

Example Requests — curl

curl --request POST 'https://bsc.therpc.io/YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --data '{
    "jsonrpc": "2.0",
    "method": "eth_blockNumber",
    "params": [],
    "id": 1
  }'

Example Requests — JavaScript

const response = await fetch('https://bsc.therpc.io/YOUR_API_KEY', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    Authorization: `Bearer ${API_KEY}`,
  },
  body: JSON.stringify({
    jsonrpc: '2.0',
    method: 'eth_blockNumber',
    params: [],
    id: 1,
  }),
});

Security Best Practices

  • Never commit a BNB Smart Chain key to Git or any source-control history.
  • Avoid pasting keys into public forums, Discord channels, or issue trackers.
  • Keep keys in environment variables or a secret vault rather than inline code.
  • Rotate keys on a schedule and revoke any compromised key from the dashboard immediately.
  • Issue a separate key per environment or application so a leak stays contained.
  • Watch each key's usage on the TheRPC dashboard to spot anomalies early.

Error Handling

When authentication fails, the BNB Smart Chain endpoint returns a JSON-RPC envelope whose error object carries code -32001 and a message like "Invalid authentication credentials", as shown below. The usual triggers are a missing key, a malformed token, a key that has been expired or revoked from the dashboard, or hitting your plan's rate ceiling. Inspect the code and message to tell an auth problem apart from a throttling one.

Authentication Error Response

{
  "jsonrpc": "2.0",
  "error": {
    "code": -32001,
    "message": "Invalid authentication credentials"
  },
  "id": 1
}

Environment Setup

Keep your BNB Smart Chain key out of the codebase by loading it from an environment variable at runtime instead of hardcoding the literal token. A small .env entry plus the language snippets below let you read the value through process.env or os.getenv, so the same source ships safely across machines and the key never lands in version control.

Environment Variables — .env

# .env file
THERPC_API_KEY=your_api_key_here

Configuration Examples — Node.js

require('dotenv').config();
const API_KEY = process.env.THERPC_API_KEY;

Configuration Examples — Python

import os
from dotenv import load_dotenv
 
load_dotenv()
API_KEY = os.getenv('THERPC_API_KEY')

Ready to call this in production?

Free tier covers personal projects. Pay-as-you-go scales without a card.