Authentication¶
Chain Sentinel supports multiple authentication methods for both web dashboard and API access.
Web Dashboard Authentication¶
Google OAuth (Recommended)¶
The fastest way to get started:
- Click "Sign in with Google" on the login page
- Select your Google account
- Approve permissions:
  - Read your email address
  - Read your basic profile info
- Instant access - no email verification needed
Benefits:
- ✅ One-click sign in
- ✅ No password to remember
- ✅ Secure (OAuth 2.0)
- ✅ Pre-verified email
Email & Password¶
Traditional authentication method:
- Register with email and password
- Verify your email address
- Log in with credentials
Password Requirements:
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character (!@#$%^&*)
Example Strong Password:
Session Management¶
After logging in:
- Session Duration: 7 days
- Auto-logout: After 7 days of inactivity
- Remember Me: Enabled by default
- Multi-device: Can log in from multiple devices
To log out:
1. Click your profile in the sidebar
2. Select "Logout"
3. Session is terminated immediately
API Authentication¶
API Key Authentication¶
All API requests require an API key in the request header.
Getting Your API Key¶
- Log in to app.chainsentinel.net
- Navigate to 🔑 API Keys
- Click "Create New API Key"
- Enter a descriptive name
- Select your tier (Free/Pro/Enterprise)
- Copy the key (shown only once!)
Important
The API key is shown only once during creation. Store it securely!
Using Your API Key¶
Include the API key in the X-API-Key header:
```go
package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	client := &http.Client{}

	req, err := http.NewRequest("GET",
		"https://api.chainsentinel.net/api/tokens", nil)
	if err != nil {
		log.Fatal(err)
	}
	// Send the API key in the X-API-Key header.
	req.Header.Add("X-API-Key", "your_api_key_here")

	resp, err := client.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()

	body, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(body))
}
```
Alternative Methods¶
You can also pass the API key via:
Authorization Header:
Query Parameter (not recommended for production):
Security
Query parameters are logged in server logs and browser history. Use headers in production!
Rate Limiting¶
API requests are rate-limited based on your subscription tier:
| Tier | Requests/Day | Requests/Second |
|---|---|---|
| Free | 100 | 1 |
| Pro | 1,000 | 10 |
| Enterprise | Unlimited | 100 |
Rate Limit Headers¶
Every API response includes rate limit information:
- X-RateLimit-Limit - Total requests allowed per day
- X-RateLimit-Remaining - Requests remaining today
- X-RateLimit-Reset - Unix timestamp when limit resets
Handling Rate Limits¶
When you exceed the rate limit, you'll receive:
Status Code: 429 Too Many Requests
Response:
```json
{
  "error": "Rate limit exceeded",
  "message": "You have exceeded your free tier limit of 100 requests per day",
  "tier": "free",
  "limit": 100,
  "upgrade": "https://chainsentinel.net/pricing"
}
```
Best Practices:
- Cache responses when possible
- Implement exponential backoff
- Monitor X-RateLimit-Remaining header
- Upgrade to Pro tier for higher limits
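One way to handle a 429 along the lines of the best practices above, as an added Go example (not Chain Sentinel's own code): it sends the key in X-API-Key and, when rate limited, waits until X-RateLimit-Reset or backs off exponentially, giving up rather than sleeping past `maxWait`. The function names and the `CHAINSENTINEL_API_KEY` environment variable name are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
	"strconv"
	"time"
)

// retryDelay waits until X-RateLimit-Reset when usable, else backs off exponentially.
func retryDelay(h http.Header, attempt int, now time.Time) time.Duration {
	ts, err := strconv.ParseInt(h.Get("X-RateLimit-Reset"), 10, 64) // Unix seconds
	if d := time.Unix(ts, 0).Sub(now); err == nil && d > 0 {
		return d
	}
	return time.Second << uint(attempt) // 1s, 2s, 4s, ...
}

// getRetry GETs url with the X-API-Key header, retrying 429s; sleep is injected for tests.
func getRetry(url, key string, tries int, maxWait time.Duration, sleep func(time.Duration)) (*http.Response, error) {
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("X-API-Key", key)
	for attempt := 0; ; attempt++ {
		resp, err := http.DefaultClient.Do(req)
		if err != nil || resp.StatusCode != http.StatusTooManyRequests {
			return resp, err
		}
		resp.Body.Close()
		d := retryDelay(resp.Header, attempt, time.Now())
		if attempt+1 >= tries || d > maxWait { // a daily quota may reset hours away
			return nil, fmt.Errorf("rate limited: gave up after %d attempts (next wait %s)", attempt+1, d)
		}
		sleep(d)
	}
}

func main() {
	resp, err := getRetry("https://api.chainsentinel.net/api/tokens",
		os.Getenv("CHAINSENTINEL_API_KEY"), 5, time.Minute, time.Sleep) // env var name assumed
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status, "remaining today:", resp.Header.Get("X-RateLimit-Remaining"))
}
```

Reading the key from the environment keeps it out of source control, and the `maxWait` cap stops a client on an exhausted daily quota from blocking until the reset.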
API Key Management¶
Viewing Your Keys¶
Navigate to 🔑 API Keys to see:
- Key name
- Creation date
- Last used date
- Request count (last 24h)
- Status (active/revoked)
Revoking Keys¶
To revoke a compromised key:
- Go to 🔑 API Keys
- Find the key to revoke
- Click "Revoke"
- Confirm the action
Immediate Effect
Revoked keys stop working immediately. All requests will return 401 Unauthorized.
Key Rotation¶
For security, rotate your API keys regularly:
- Create a new API key
- Update your applications with the new key
- Test that everything works
- Revoke the old key
Recommended Rotation Schedule:
- Production: Every 90 days
- Development: Every 30 days
Security Best Practices¶
For Web Dashboard¶
✅ Do:
- Use strong, unique passwords
- Enable Google OAuth when possible
- Log out from shared computers
- Keep your email secure

❌ Don't:
- Share your password
- Use the same password across sites
- Stay logged in on public computers
For API Keys¶
✅ Do:
- Store keys in environment variables
- Use different keys for dev/prod
- Rotate keys regularly
- Monitor usage in dashboard

❌ Don't:
- Commit keys to version control
- Share keys publicly
- Use keys in client-side code
- Log keys in application logs
Environment Variables¶
Store API keys securely:
.gitignore¶
Always exclude sensitive files:
Troubleshooting¶
401 Unauthorized¶
Possible causes:
- Invalid API key
- Revoked API key
- Missing X-API-Key header
- Expired session (web dashboard)

Solutions:
- Verify the API key is correct
- Check if key was revoked
- Ensure header is included
- Log in again (web dashboard)
403 Forbidden¶
Possible causes:
- Insufficient permissions
- Subscription tier restriction

Solutions:
- Check your subscription tier
- Upgrade to access premium features
- Contact support for permission issues
429 Too Many Requests¶
Possible causes:
- Rate limit exceeded
- Too many requests in short time

Solutions:
- Wait for rate limit reset
- Implement request throttling
- Upgrade to higher tier
- Cache responses
Need Help?¶
- 📖 API Reference
- 📖 FAQ
- 💬 Telegram Community
- 📧 support@chainsentinel.net