Authentication

Every request to TheRPC's Solana endpoint must carry your API key — it's how the service knows the call is yours and meters it against your plan. The simplest way to authenticate is to put the key directly in the endpoint URL path, as in https://solana.therpc.io/YOUR_API_KEY; if you'd rather keep it out of the URL, you can pass it instead in an Authorization header using the Bearer scheme. This guide walks you through getting a key from your dashboard, placing it correctly for both HTTP and WebSocket connections, securing it, and recognizing the JSON-RPC errors you'll see when authentication fails.

Getting an API Key

• Sign up for a free account at TheRPC.io.
• Sign in and open your dashboard — your personal account cabinet.
• Navigate to the API Keys section.
• Generate a new key (or copy an existing one) and use it in your Solana endpoint URL.

Using Your API Key

For HTTP calls, place your key in the path of the Solana endpoint so the full URL reads https://solana.therpc.io/YOUR_API_KEY, then POST your JSON-RPC payload to it. If you prefer not to embed the key in the URL, you can additionally send it in the Authorization header with the Bearer scheme (Authorization: Bearer YOUR_API_KEY). The WebSocket PubSub endpoint authenticates the same way — the same key goes in the path of the wss://solana.therpc.io/YOUR_API_KEY connection URL.

Endpoint URL (key in path)

HTTP:      https://solana.therpc.io/YOUR_API_KEY
WebSocket: wss://solana.therpc.io/YOUR_API_KEY

HTTP Headers (Bearer variant)

1Authorization: Bearer YOUR_API_KEY

Example Requests — curl

1curl --request POST 'https://solana.therpc.io/YOUR_API_KEY' \
2  --header 'Content-Type: application/json' \
3  --header 'Authorization: Bearer YOUR_API_KEY' \
4  --data '{
5    "jsonrpc": "2.0",
6    "id": 1,
7    "method": "getSlot",
8    "params": []
9  }'

Example Requests — JavaScript

1const response = await fetch('https://solana.therpc.io/YOUR_API_KEY', {
2  method: 'POST',
3  headers: {
4    'Content-Type': 'application/json',
5    Authorization: `Bearer ${API_KEY}`,
6  },
7  body: JSON.stringify({
8    jsonrpc: '2.0',
9    id: 1,
10    method: 'getSlot',
11    params: [],
12  }),
13});

Security Best Practices

• Never commit your API key to source control — keep it out of Git, even in private repos.
• Don't paste keys into public forums, issue trackers, Discord, or chat logs where they could leak.
• Store keys in environment variables or a secret manager (such as a vault), not hardcoded in source.
• Rotate keys periodically, and revoke any compromised key immediately from the dashboard.
• Use separate keys per environment and per application so you can revoke one without breaking the others.
• Monitor each key's usage in your TheRPC dashboard to catch unexpected traffic early.

Error Handling

When authentication fails, TheRPC replies with a standard JSON-RPC 2.0 error object instead of a result — an error block carrying a numeric code and a human-readable message, like the example below. The usual causes are a missing key (you forgot to fill the path or header), a malformed or invalid key, a key that has been expired or revoked from the dashboard, or a request rejected because you've exceeded your plan's rate limit. Check the message to tell these apart, and re-issue or rotate the key from your dashboard if it's no longer valid.

Authentication Error Response

1{
2  "jsonrpc": "2.0",
3  "error": {
4    "code": -32001,
5    "message": "Invalid authentication credentials"
6  },
7  "id": 1
8}

Environment Setup

As a rule, load your key from an environment variable at runtime rather than hardcoding it into your Solana client. Keeping the key in a .env file (excluded from version control) or in your platform's secret store means you can rotate it, swap between mainnet and devnet keys, and share code safely without ever exposing the credential. The examples below read the key into the Solana endpoint URL from the environment in both Node.js and Python.

Environment Variables — .env

1# .env file
2THERPC_API_KEY=your_api_key_here

Configuration Examples — Node.js

1require('dotenv').config();
2const API_KEY = process.env.THERPC_API_KEY;
3const RPC_URL = `https://solana.therpc.io/${API_KEY}`;

Configuration Examples — Python

1import os
2from dotenv import load_dotenv
3 
4load_dotenv()
5API_KEY = os.getenv('THERPC_API_KEY')
6RPC_URL = f"https://solana.therpc.io/{API_KEY}"