Skip to main content
Relay enforces rate limits to keep the platform reliable for every integrator. Default limits apply to unauthenticated traffic; an API key raises those limits and attributes each request to your account. You manage keys in the Relay Dashboard — create new keys, rotate existing ones, and inspect individual requests.

Creating an API key

API keys are self-serve. To create one:
  1. Sign in to the Relay Dashboard.
  2. Open the API keys tab.
  3. Click Create key, give it a label (e.g. production, staging), and copy the key.
Use a separate key per environment (production, staging, local). Per-key request history makes it easy to spot a misbehaving deploy without revoking the wrong credential.

Tracking requests

The Relay Dashboard is also where you observe what your integration is doing in production:
  • Requests — full history of quotes and intents made with each key, with status, route, amounts, and timing.
  • Advanced filtering — narrow the table by chain, currency, amount, status, time, and more, combining conditions with AND/OR logic to isolate exactly the requests you care about.
  • Custom views — save any combination of filters, sort order, and columns as a reusable view for your team, each with its own name, icon, and color.
  • Keys — create, rename, and revoke keys for your account.
When debugging a specific transaction, paste the requestId from your application into the dashboard’s search to jump straight to the matching record.

Default Rate Limits (no API key)

The following limits apply to unauthenticated requests:

API key Rate Limits

Authenticated requests get higher limits, applied per key: API keys are recommended for server-side production integrations and higher-throughput use cases.

How to Use an API key

HTTP requests

Pass the key in the request headers on every call where you want elevated limits:

SDK usage

Proxy API

If you’re calling the SDK from the browser, stand up a proxy that appends the key server-side and point baseApiUrl at it. This keeps the key out of client bundles while preserving elevated limits.

Keeping Your API key Secure

Treat your API key like a password. It’s tied to your account, controls your rate limits, and every request made with it is attributed to you.
If your key is leaked, anyone holding it can consume your rate limits or make requests on your behalf. Revoke and re-create the key in the Relay Dashboard immediately if you suspect it has been compromised.
Best practices:
  • Keep it server-side only — never expose it in client-side or frontend code. Use a proxy API if calling Relay from the browser.
  • Use environment variables — store the key in environment variables, not hardcoded in source code.
  • Don’t commit it to version control — add it to .gitignore or use a secrets manager.
  • Restrict access — only share the key with team members who need it.
  • Rotate regularly — create a new key in the Relay Dashboard and revoke the old one whenever a team member with access leaves.