Skip to content

Add TON Center API v2 auth details page #1494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
laviniat1996 wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Add TON Center API v2 auth details page #1494

laviniat1996 wants to merge 5 commits into from

Conversation

@laviniat1996
Copy link
Collaborator

@laviniat1996 laviniat1996 commented Dec 1, 2025

closes #1025

Adds a page that explains how devs can use the API keys for v2 API

@github-actions

This comment has been minimized.

Sign in to view
@laviniat1996
Copy link
Collaborator Author

laviniat1996 commented Dec 1, 2025

/review

@laviniat1996 laviniat1996 self-assigned this Dec 1, 2025
github-actions[bot]
github-actions bot reviewed Dec 1, 2025
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates in ecosystem/api/toncenter/v2-authentication.mdx: I’ve left a couple of suggestions, so please apply the inline suggestions.

@laviniat1996
Copy link
Collaborator Author

laviniat1996 commented Dec 1, 2025

/review

@laviniat1996 laviniat1996 added the 3p Reviewed by someone else (a third party). Used for filtering PRs. Don't mind this. label Dec 1, 2025
github-actions[bot]
github-actions bot reviewed Dec 1, 2025
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No documentation issues detected.

reveloper
reveloper requested changes Dec 8, 2025
View reviewed changes
ecosystem/api/toncenter/v2-authentication.mdx

## Overview

The API v2 requires an API key for all methods, including the JSON-RPC endpoint.
Copy link
Collaborator

@reveloper reveloper Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Screenshot 0007-12-08 at 14 57 14

The requirement of the API key should be specified accurately. An API key is required if the developer desires to make more than one request per second. There is no method that is fully limited by the API Key, just for RPS>1 user will get the HTTP Error 429:

Screenshot 0007-12-08 at 15 04 37

ecosystem/api/toncenter/v2-authentication.mdx

**Definitions:**

- `<HOST>` - The base URL of the TON Center API instance (`toncenter.com` for example).
Copy link
Collaborator

@reveloper reveloper Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of a "for example" structure, let's accurately specify public hosts. It may be a 2-row table HOST for the Testnet and HOST the Mainnet environments.
Screenshot 0007-12-08 at 15 09 09

ecosystem/api/toncenter/v2-authentication.mdx
The API v2 requires an API key for all methods, including the JSON-RPC endpoint.
The key can be sent either in an HTTP header or as a query parameter.

To obtain an API key, see the [TON Center API key guide](/ecosystem/api/toncenter/get-api-key).
Copy link
Collaborator

@reveloper reveloper Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have any expiration limit on the API key? Are there any recommendations to rotate the API key?

ecosystem/api/toncenter/v2-authentication.mdx
The key can be sent either in an HTTP header or as a query parameter.

To obtain an API key, see the [TON Center API key guide](/ecosystem/api/toncenter/get-api-key).

Copy link
Collaborator

@reveloper reveloper Dec 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a danger reminder of the importance of securely storing the API key.

Example:

Security
Prefer read‑only tokens for public access, scope server 
tokens to only what you need, rotate long‑lived 
tokens, and store them in a secrets manager. 
Never expose admin tokens in client‑side code.

Extra reference: https://docs.stripe.com/keys-best-practices

ecosystem/api/toncenter/v2-authentication.mdx
"method": "getMasterchainInfo",
"params": {}
}'
```
Copy link
Collaborator

@reveloper reveloper Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we specify the error codes related to API-KEYs here?

cc @kdimentionaltree

@reveloper reveloper marked this pull request as draft December 8, 2025 07:40
@reveloper reveloper added the scope: api OpenAPI specs and relevant sub-directories in the /ecosystem/rpc folder label Dec 8, 2025
@reveloper reveloper mentioned this pull request Dec 9, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@reveloper reveloper reveloper requested changes

@kdimentionaltree kdimentionaltree Awaiting requested review from kdimentionaltree

Requested changes must be addressed to merge this pull request.

Assignees

@laviniat1996 laviniat1996

Labels

3p Reviewed by someone else (a third party). Used for filtering PRs. Don't mind this. scope: api OpenAPI specs and relevant sub-directories in the /ecosystem/rpc folder

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[TON Center > API/v2 > Authentication]

3 participants

@laviniat1996 @reveloper