Authentication Overview
Web3 Identity API offers flexible authentication options designed for both Web3-native and traditional applications. Choose the method that best fits your use case and scale requirements.
Quick Comparison
| Method | Daily Limit | Rate Limit | Payment Model | Setup Complexity | Best For |
|---|---|---|---|---|---|
| Anonymous | 100 calls | 100/min | x402 after limit | None | Testing, prototypes |
| SIWE | 200 calls | 200/min | x402 after limit | Wallet signature | Web3 dApps |
| API Key | 10,000+ calls | 1,000/min | Prepaid credits | Key generation | Production backends |
How It Works
Anonymous Access
The simplest way to get started. No authentication required; just make requests.
How It Works
- 100 requests per day per IP address
- 100 requests per minute rate limit
- After daily limit: Pay-per-request via x402
Example
```bash
# No auth needed
curl https://api.web3identity.com/api/ens/resolve/vitalik.eth
```
Response Headers
```http
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 99
X-RateLimit-Reset: 1707350400
```
When to Use
- ✅ Quick testing and exploration
- ✅ Low-volume personal projects
- ✅ Prototyping and development
- ❌ Production applications (use SIWE or API keys)
SIWE Authentication
Sign-In with Ethereum (EIP-4361) provides wallet-based authentication with enhanced limits.
Benefits
- 2x daily limits (200 calls/day vs 100)
- Wallet-verified identity for audit trails
- No API key management: uses your existing wallet
- Web3-native authentication flow
Authentication Flow
Implementation
```javascript
import { SiweMessage } from 'siwe';

// Assumes `wallet` is a connected signer and `walletAddress` is its address.

// 1. Get nonce
const { nonce } = await fetch('/api/auth/nonce').then(r => r.json());

// 2. Create and sign message
// `domain`, `uri`, `chainId` and `nonce` are all part of the signed text,
// so set `domain` to the host the user is actually signing in on.
const message = new SiweMessage({
  domain: 'yourapp.com',
  address: walletAddress,
  statement: 'Sign in to Web3 Identity API',
  uri: 'https://api.web3identity.com',
  version: '1',
  chainId: 1,
  nonce
});
const signature = await wallet.signMessage(message.prepareMessage());

// 3. Verify and get token
const { token } = await fetch('/api/auth/verify', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ message: message.prepareMessage(), signature })
}).then(r => r.json());

// 4. Use token in requests
const data = await fetch('/api/ens/resolve/vitalik.eth', {
  headers: { 'Authorization': `Bearer ${token}` }
}).then(r => r.json());
```
When to Use
- ✅ Web3 dApps with wallet connections
- ✅ User-facing applications
- ✅ When you need 2x free tier limits
- ❌ Server-to-server integrations (use API keys)
API Key Authentication
Traditional API key authentication for high-volume production use.
Benefits
- 10,000+ requests/day depending on tier
- 1,000 requests/minute rate limit
- Prepaid credits: predictable costs
- Server-side friendly: no wallet required
Tiers
| Tier | Daily Limit | Rate Limit | Price |
|---|---|---|---|
| Developer | 10,000 | 500/min | $9/mo |
| Pro | 50,000 | 1,000/min | $29/mo |
| Enterprise | Unlimited | Custom | Contact us |
Implementation
```bash
# Include API key in header
curl -H "X-API-Key: atv_live_abc123xyz" \
  https://api.web3identity.com/api/ens/resolve/vitalik.eth
```
```javascript
const response = await fetch('https://api.web3identity.com/api/ens/resolve/vitalik.eth', {
  headers: {
    'X-API-Key': process.env.WEB3_IDENTITY_API_KEY
  }
});
```
Security Best Practices
Keep Your Keys Safe
- Never expose API keys in client-side code
- Use environment variables for storage
- Rotate keys periodically
- Use separate keys for dev/staging/production
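One way to enforce the first rule before code ships, as an added example that is not part of the Web3 Identity API or its documentation. It assumes keys follow the shape of the sample key on this page (`atv_live_` plus alphanumerics) and that `public/`, `static/` and `dist/` hold browser-delivered files; the function names and sample files are hypothetical.

```javascript
// Added example, not Web3 Identity code. Assumptions: keys look like the page's
// sample (prefix "atv_live_" + 6 or more alphanumerics), and files under
// public/, static/ or dist/ are shipped to browsers.
const KEY_RE = /atv_live_[A-Za-z0-9]{6,}/g;
const CLIENT_PATH_RE = /(^|\/)(public|static|dist)\//;
const HEADER_RE = /X-API-Key/i;

// Keep the prefix and last two characters so a finding can be matched to a
// key for rotation without copying the secret into CI logs.
function redact(key) {
  return key.slice(0, 9) + '*'.repeat(key.length - 11) + key.slice(-2);
}

function scanFile(path, text) {
  const inClient = CLIENT_PATH_RE.test(path);
  const findings = [];
  text.split(/\r?\n/).forEach((src, i) => {
    const keys = [...src.matchAll(KEY_RE)].map((m) => redact(m[0]));
    for (const key of keys) {
      findings.push({ path, line: i + 1, rule: 'hardcoded-key', key });
    }
    // Bundlers commonly inline env values into browser bundles, so any use of
    // the header in client code exposes the key even without a literal.
    if (inClient && keys.length === 0 && HEADER_RE.test(src)) {
      findings.push({ path, line: i + 1, rule: 'key-header-in-client', key: null });
    }
  });
  return findings;
}

function scanTree(files) {
  return Object.entries(files).flatMap(([path, text]) => scanFile(path, text));
}

// Constructed sample tree; the key values are made up.
const SAMPLE = {
  'server/ens.js': "headers: { 'X-API-Key': process.env.WEB3_IDENTITY_API_KEY }",
  'public/app.js': "const h = { 'X-API-Key': 'atv_live_abc123xyz' };",
  'public/widget.js': "// setup\nconst h = { 'X-API-Key': process.env.WEB3_IDENTITY_API_KEY };",
  'scripts/smoke.sh': 'curl -H "X-API-Key: atv_live_Zx81kQ0pLm" "$URL"',
};

for (const f of scanTree(SAMPLE)) {
  console.log(`${f.path}:${f.line} ${f.rule} ${f.key ?? ''}`);
}
```

Any key the scan finds should be treated as exposed and rotated, not just removed from the file.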
When to Use
- ✅ Backend services and servers
- ✅ High-volume production applications
- ✅ Traditional web applications
- ❌ Client-side JavaScript (keys will be exposed)
x402 Micropayments
When you exceed free tier limits, pay per request with the x402 protocol.
How It Works
- Request exceeds daily limit
- API returns `402 Payment Required`
- Client signs USDC payment on Base
- Include payment proof in retry
- Request succeeds
Pricing
| Endpoint Category | Price per Request |
|---|---|
| Basic (ENS, prices) | $0.005 |
| Standard (DeFi, social) | $0.01 |
| Premium (batch, analytics) | $0.02-0.05 |
Choosing the Right Method
Decision Matrix
| Scenario | Recommended Auth |
|---|---|
| "I'm just exploring the API" | Anonymous |
| "Building a dApp with wallet connect" | SIWE |
| "Need reliable production access" | API Key |
| "Unpredictable traffic spikes" | SIWE + x402 fallback |
| "Enterprise with SLA requirements" | API Key (Enterprise) |