🔑 Authentication & Security

When using the Tatum REST API or SDK, you need to authenticate yourself with an API key.

Access our services by authenticating with your API keys through the methods listed in this article.

API keys are bound to a Tatum account and a pricing plan, defining the number of requests you can make per second, as well as the total number of requests available each month.

Get API key For free. No commitment.

Don't have an API key?

Sign up to Dashboard and create your API keys today.
Get higher limits and use debugging tools.

How to authenticate your requests

  1. You need a Tatum Account.
  2. Sign in or create your Tatum Account via the following link.
  3. New Free accounts come with x2 API Keys:
    • x1 Mainnet API Key
    • x1 Testnet API Key
  4. Authenticate your requests with your API key(s).

📘

Find more about Mainnet and Testnet in the following article.

Example request - Authenticated:

curl --location 'https://api.tatum.io/v3/dogecoin/address/balance/DTsH7BpHcekmUmaHjUX9eb4Z4CFzCKuY9K' \
--header 'x-api-key: {YOUR_API_KEY}
//response:
{
    "incoming": "0",
    "outgoing": "0",
    "incomingPending": "0",
    "outgoingPending": "0"
}

Authentication methods

X-API-Key in header

curl --location 'https://api.tatum.io/v3/blockchain/node/<CHAIN>-<MAINNET/TESTNET>'
--header 'Content-Type: application/json' 
--header 'x-api-key:{YOUR_API_KEY}' 
--data '{
    "jsonrpc":"2.0",
    "method":"web3_clientVersion",
    "params":[],
    "id":1
}'
const tatum = await TatumSDK.init<Ethereum>({
  network: Network.ETHEREUM,
  apiKey: {
   v4: 'YOUR_API_KEY_V4'
})

API Key in the SDK

import { TatumSDK, Ethereum, Network } from '@tatumio/tatum'

const tatum = await TatumSDK.init<Ethereum>({
    network: Network.ETHEREUM, 
    apiKey: { v4: 'YOU-API-KEY'}
    }
)

Auth Bearer Token

//Blockchain Gateway
curl --location 'https://arb-one-mainnet.gateway.tatum.io' \
--header 'Content-Type: application/json' \
--header 'Authorization: {YOUR_API_KEY}' \
--data '{
    "jsonrpc":"2.0",
    "method":"eth_blockNumber",
    "params":[],
    "id":1
}'
//v3 REST API endpoints
curl --location 'https://api.tatum.io/v3/bitcoin/wallet' \
--header 'Authorization: {YOUR_API_KEY}'

X-API-Key as a part of the URL

//Blockchain Gateway
curl --location 'https://x-api-key:{YOUR_API_KEY}@{CHAIN}.gateway.tatum.io' \
--header 'Content-Type: application/json' \
--data '{
    "jsonrpc":"2.0",
    "method":"eth_blockNumber",
    "params":[],
    "id":1
}'
//v3 REST API endpoints
curl --location 'https://x-api-key:{YOUR_API_KEY}@api.tatum.io/v3/bitcoin/wallet'

Best Practices for Security

  • Keeping API Keys Secure: Understand how to disable or regenerate API keys to maintain the integrity of your digital operations.
  • Managing Mnemonics and Private Keys: Discover strategies for securely managing your mnemonics and private keys to prevent loss, as Tatum does not store this sensitive information.
  • Malicious Addresses: Learn how to identify and avoid blockchain addresses associated with scams, helping you stay ahead of fraudulent activities.
  • Compromised Assets: Find out what steps to take if your mnemonics or private keys are compromised, including securing remaining assets and contacting law enforcement.