Docs

Getting Started

Introduction

Quick Start

Authentication

Rate Limits

Overview

eth_getBalance

eth_blockNumber

eth_getTransactionByHash

All Methods

EVM JSON-RPC

eth_call

Data API

Overview

Market Data

User State

Funding Rates

Orderbook Websocket

Connection

Subscriptions

Message Format

Real-Time Data Streams

Overview

Trade Feed

Liquidation Feed

Direct Sentry Peering

Overview

Setup Guide

Validator & Staking

Overview

Delegation Guide

SDK & Tools

Python SDK

JavaScript SDK

cURL Examples

More

Changelog

FAQ

Historical Archives

Contact Support

Docs

Getting Started

Introduction

Quick Start

Authentication

Rate Limits

Overview

eth_getBalance

eth_blockNumber

eth_getTransactionByHash

All Methods

EVM JSON-RPC

eth_call

Data API

Overview

Market Data

User State

Funding Rates

Orderbook Websocket

Connection

Subscriptions

Message Format

Real-Time Data Streams

Overview

Trade Feed

Liquidation Feed

Direct Sentry Peering

Overview

Setup Guide

Validator & Staking

Overview

Delegation Guide

SDK & Tools

Python SDK

JavaScript SDK

cURL Examples

More

Changelog

FAQ

Historical Archives

Contact Support

Authentication

API key setup and security best practices.

API keys

Every request to HypeRPC must include a valid API key. Your API key is embedded in the endpoint URL you receive when creating an endpoint in the Console. There are no additional headers or tokens required — the URL itself authenticates your requests.

Your endpoint URL follows this pattern:

https://rpc.hyperpc.app/{endpoint-id}

The endpoint-id acts as your authentication credential. Keep it private and never expose it in client-side code, public repositories, or browser-accessible URLs.

Generating API keys

To create a new API key:

  1. Log in to the HypeRPC Console at console.hyperpc.app

  2. Navigate to Products → Endpoints

  3. Click Create Endpoint

  4. Select your region (EU or JP) and plan tier

  5. Copy the generated endpoint URL

You can create multiple endpoints for different environments (development, staging, production). Each endpoint has its own usage tracking and rate limits.

Security best practices

Environment variables — Store your endpoint URL in environment variables, never hardcode it in source files. Use .env files locally and your platform's secrets manager in production.

Server-side only — Make RPC calls from your backend server, not from client-side JavaScript. Exposing your endpoint URL in the browser allows anyone to use your quota.

Rotate regularly — If you suspect a key has been compromised, delete the endpoint in the Console and create a new one. Active connections will be terminated immediately.

Separate environments — Use different endpoints for development and production. This prevents test traffic from consuming production quota.

Monitor usage — Check the Console dashboard regularly to spot unusual traffic patterns. Unexpected spikes may indicate a leaked key.

IP allowlisting

Enterprise and Dedicated Node plans support IP allowlisting. When enabled, only requests from approved IP addresses will be accepted. Configure this in the Console under Endpoint Settings → Security.

Rate limit headers

Every response includes headers that show your current usage status.

Header

Description

X-RateLimit-Limit

Maximum requests per second for your plan

X-RateLimit-Remaining

Requests remaining in the current window

X-RateLimit-Reset

Unix timestamp when the window resets

See the Rate Limits page for detailed information about limits per plan and how to handle 429 responses.

Home

/

Introduction

Previous

Quick Start

Next

Rate Limits

On this page

Getting Started

/

Authentication

Launch App

Getting Started

/

Authentication

Launch App

Docs