> ## Documentation Index
> Fetch the complete documentation index at: https://docs.relay.link/llms.txt
> Use this file to discover all available pages before exploring further.
# Rate Limits and API keys
> Authenticate requests and raise your rate limits with a Relay API key
Relay enforces rate limits to ensure platform reliability and fair usage across integrators. Default limits apply to all requests. Higher limits are available via API keys.
## Default Rate Limits (No API key)
The following limits apply when no API key is provided:
| Endpoint | Limit |
| ---------------------- | ----------------------- |
| `/quote` | 50 requests per minute |
| `/requests` | 200 requests per minute |
| `/transactions/status` | 200 requests per minute |
| Other endpoints | 200 requests per minute |
## API key Rate Limits
When using an API key, limits increase and are applied per key:
| Endpoint | Limit |
| ---------------------- | ----------------------- |
| `/quote` | 10 requests per second |
| `/requests` | 10 requests per second |
| `/transactions/status` | 10 requests per second |
| Other endpoints | 200 requests per minute |
API keys are recommended for server-side production integrations and higher-throughput use cases.
## How to Request an API key
Requirements:
1. Must have Relay integrated in a public app.
2. Must have enough activity to hit default API rate limits.
To request an API key (once requirements are met):
1. Fill out the [API key request form](https://forms.gle/uiRVYXhtH8uBqybR9).
2. The Relay team will review within 72 hours.
3. If approved, we will email your unique API key.
## How to Use an API key
### HTTP Requests
Pass the API key in the request headers:
```
x-api-key: YOUR_API_KEY
```
This header should be included on all requests where higher rate limits are required.
### SDK Usage
```jsx Global API key theme={null}
// It is recommended to only set the apiKey parameter when using the SDK server-side.
import {
createClient,
MAINNET_RELAY_API,
} from "@relayprotocol/relay-sdk";
createClient({
baseApiUrl: MAINNET_RELAY_API,
apiKey: "YOUR_API_KEY",
...
//other parameters
});
```
```jsx SDK Action API key theme={null}
// In the case that you prefer not to set a global api key
// you can pass the api key into the headers parameter of the getQuote function.
import { getClient } from "@relayprotocol/relay-sdk";
const quoteParams = {...}
const quote = await getClient()?.actions.getQuote(params, undefined, {
"x-api-key": "YOUR_API_KEY"
});
```
### Proxy API
If using the sdk on the client, create a proxy api which appends the key in the headers and then pass that endpoint into the `baseApiUrl` parameter. This prevents your key from being leaked while allowing you to set up the necessary protection in your proxy api.
```jsx theme={null}
import {
createClient,
MAINNET_RELAY_API,
} from "@relayprotocol/relay-sdk";
createClient({
baseApiUrl: "https://my-proxy.relay.link", //Replace with your proxy endpoint
...
//other parameters
});
```
## Keeping Your API key Secure
Your API key is sensitive — treat it like a password. It is tied to your account, controls your rate limits, and all requests made with it are attributed to you.
If your API key is leaked, unauthorized parties could consume your rate limits or make requests on your behalf. Contact us immediately if you suspect your key has been compromised and we will rotate it for you.
**Best practices:**
* **Keep it server-side only** — never expose it in client-side or frontend code. Use a [proxy API](#proxy-api) if calling Relay from the browser.
* **Use environment variables** — store your key in environment variables, not hardcoded in source code.
* **Don't commit it to version control** — add it to `.gitignore` or use a secrets manager.
* **Restrict access** — only share the key with team members who need it.