Security Guidelines
Implementing proper security measures is critical when integrating blockchain APIs into your applications. This guide outlines best practices for securing your AllChains Node Service integration to protect your account, your users, and your data.
Security Notice
Never expose your API keys in client-side code or public repositories. Compromised API keys could lead to unauthorized usage, potential data breaches, and financial losses.
Security Best Practices
API Key Security
Keep your API keys secure and rotate them regularly. Never hardcode keys in your application or include them in public repositories.
- Store API keys in environment variables or a secure secret management system.
- Enforce an API key rotation policy that rotates keys at least every 90 days.
- Set up alerts for unusually high usage, which might indicate a compromised key.
- Use different API keys for development and production environments.
Rate Limiting & Backoff
Implement proper rate limiting and backoff strategies to avoid hitting API limits and to gracefully handle failures.
- Implement exponential backoff for failed requests.
- Monitor your usage to stay within your plan limits.
- Distribute requests evenly throughout the day if possible.
- Batch multiple operations when possible to reduce the number of API calls.
Server-Side Only Integration
Always make API calls from your backend servers, never from client-side applications. This prevents exposure of your API credentials.
- Implement a proxy service on your backend to handle blockchain requests.
- Set up CORS policies correctly to restrict access to your backend API.
- Use authentication for your own API to prevent unauthorized access.
- Consider implementing a request signing mechanism for additional security.
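One way to implement the request signing suggested above, between your own services and your backend proxy. This is an added example, not AllChains code: the `x-timestamp` and `x-signature` headers, the `/rpc/eth` route, the 5-minute window and the sample secret are all assumptions.

```javascript
const crypto = require('crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed replay window: 5 minutes

// The canonical string covers method, path, timestamp and a hash of the body,
// so none of them can be changed without invalidating the signature.
function canonicalString(method, path, timestamp, body) {
  const bodyHash = crypto.createHash('sha256').update(body).digest('hex');
  return [method.toUpperCase(), path, String(timestamp), bodyHash].join('\n');
}

function signRequest(secret, method, path, timestamp, body) {
  return crypto.createHmac('sha256', secret)
    .update(canonicalString(method, path, timestamp, body))
    .digest('hex');
}

// Returns { ok: true } or { ok: false, reason } for the proxy to act on.
function verifyRequest(secret, req, now = Date.now()) {
  const ts = Number(req.headers['x-timestamp']);
  const sig = req.headers['x-signature'];
  if (!Number.isFinite(ts) || typeof sig !== 'string') {
    return { ok: false, reason: 'missing-headers' };
  }
  if (Math.abs(now - ts) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale-timestamp' };
  }
  const expected = Buffer.from(signRequest(secret, req.method, req.path, ts, req.body), 'hex');
  const given = Buffer.from(sig, 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  return { ok: true };
}

// Constructed sample: a signed JSON-RPC call to the hypothetical /rpc/eth proxy route.
const sampleSecret = 'constructed-demo-secret'; // in production, load from a secret manager
const sampleBody = JSON.stringify({ jsonrpc: '2.0', method: 'eth_blockNumber', params: [], id: 1 });
const sampleTs = 1700000000000;
const sampleRequest = {
  method: 'POST', path: '/rpc/eth', body: sampleBody,
  headers: {
    'x-timestamp': String(sampleTs),
    'x-signature': signRequest(sampleSecret, 'POST', '/rpc/eth', sampleTs, sampleBody),
  },
};
```

The timestamp check only narrows the replay window; rejecting a repeated signature inside that window additionally needs a server-side cache of recently seen signatures or nonces.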
Monitoring & Alerting
Set up comprehensive monitoring and alerting for your AllChains API usage to detect issues early and respond to security incidents.
- Monitor API response times and error rates.
- Set up alerts for unusual patterns or unauthorized access attempts.
- Implement logging for all API calls for audit purposes.
- Regularly review access logs to identify potential security issues.
HTTPS and TLS
All communications with AllChains APIs must use HTTPS with TLS 1.2 or later. This ensures that data transmitted between your application and our servers remains encrypted and secure.
Example: Verifying TLS in Node.js
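```javascript
// Setting minimum TLS version in Node.js
const https = require('https');
const axios = require('axios');

// Refuse to negotiate anything older than TLS 1.2.
const agent = new https.Agent({ minVersion: 'TLSv1.2' });

axios({
  method: 'post',
  url: 'https://rpc.AllChains.com/v1/eth',
  httpsAgent: agent,
  headers: {
    'Content-Type': 'application/json',
    // The key is read from the environment, never hardcoded.
    'X-API-KEY': process.env.AllChains_API_KEY
  },
  data: {
    jsonrpc: '2.0',
    method: 'eth_blockNumber',
    params: [],
    id: 1
  }
})
  .then(response => console.log(response.data))
  // Log only the message: the full axios error object includes the request
  // config, and with it the X-API-KEY header.
  .catch(error => console.error(error.message));
```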
Security Incident Response
If you suspect that your API keys have been compromised, you should take immediate action:
- Immediately revoke and regenerate your API keys from the AllChains dashboard.
- Review your API usage logs to determine the scope of unauthorized access.
- Update your application to use the new API keys.
- Contact our security team at security@AllChains.com for additional assistance.
Compliance and Standards
AllChains Node Service is designed with security in mind and follows industry best practices for API security. Our infrastructure is regularly audited for security vulnerabilities and compliance with relevant standards.
For enterprise customers requiring additional security measures or compliance documentation, please contact our sales team.
Additional Resources
Have Security Questions?
Our security team is available to help you implement AllChains Node Service securely and address any security concerns or questions you may have.