Docs
K

3 minutes

How to Manage API keys

This guide shows you how to create, manage, and secure API keys for your Subgraphs.

Overview

API keys are required to query Subgraphs. They authenticate users and devices, authorize access to specific endpoints, enforce rate limits, and enable usage tracking across The Graph.

Prerequisites

Create a New API Key

  1. Navigate to Subgraph Studio
  2. Click the API Keys tab in the navigation menu
  3. Click the Create API Key button

A new window will pop up:

  1. Enter a name for your API key
  2. Optional: You can enable a period spending limit
  3. Click Create API Key
Create API Key Window

Using Your API Key

Always keep your API key in environment variables or a secure secrets manager. Do not hardcode it in your codebase or expose it in client-side apps.

When you query The Graph from your dapp, you can use your API key in two ways:

  1. In the URL (optimal method for Subgraph queries):

    Include the API Key directly to your query endpoint:

    https://gateway.thegraph.com/api/<YOUR_API_KEY>/subgraphs/id/<SUBGRAPH_ID>

  2. As a bearer Token:

    Include your API Key in the Authorization request header for added security:

    Authorization: Bearer <YOUR_API_KEY>

    Curl command example:

    curl -X POST \-H "Content-Type: application/json" \-H "Authorization: Bearer {api-key}" \-d '{"query": "{ graphNetworks(first: 5) { id controller graphToken epochManager } graphAccounts(first: 5) { id names { id } defaultName { id } createdAt } }", "operationName": "Subgraphs", "variables": {}}' \https://gateway.thegraph.com/api/subgraphs/id/DZz4kDTdmzWLWsV373w2bSmoar3umKKH9y82SUKr5qmp

Check out Querying from an App for more details.

Manage API Keys

The “API keys” table lists existing API keys and allows you to manage or delete them. For each key, you can see its status, the cost for the current period, the spending limit for the current period, and the total number of queries.

How to Set Spending Limits

  1. Find your API key in the API keys table
  2. Click the “three dots” icon next to the key
  3. Select “Manage spending limit”
  4. Enter your desired monthly limit in USD
  5. Click Save

Manage spending limit: this is an optional monthly spending limit for a given API key, in USD. This limit is per billing period (calendar month).

How to Rename an API Key

  1. Click the “three dots” icon next to the key
  2. Select “Rename API key”
  3. Enter the new name
  4. Click Save

How to Regenerate an API Key

  1. Click the “three dots” icon next to the key
  2. Select “Regenerate API key”
  3. Confirm the action in the pop up dialog

Warning: Regenerating an API key will invalidate the previous key immediately. Update your applications with the new key to prevent service interruption.

API Key Details

Monitoring Usage

  1. Click on your API key to view the Details page
  2. Check the Overview section for:
    • Total number of queries
    • GRT spent
    • Current usage statistics

Restricting Domain Access

  1. Click on your API key to open the Details page
  2. Navigate to the Security section
  3. Click “Add Domain”
  4. Enter the authorized domain name
  5. Click Save

Limiting Subgraph Access

  1. In the API key Details page
  2. Navigate to the Security section
  3. Click “Assign Subgraphs”
  4. Select the Subgraphs you want to authorize
  5. Click Save

Additional Resources

Deploying Using Subgraph Studio