Authentication
Currently, Shield's public-facing API endpoints do not require authentication. This page documents the current authentication state and plans for future authentication options.
Current Authentication Status
The following endpoints are publicly accessible without authentication:
Endpoint: /info, Method: GET, Authentication required: No
Endpoint: /rpc, Method: POST, Authentication required: No
The /metrics endpoint and any administrative functions require internal authentication and are not publicly accessible.
Authentication Roadmap
Shield plans to introduce authentication options in future releases to better serve enterprise customers and provide enhanced service levels.
Planned Authentication Methods
Authentication will likely be implemented using one of the following methods:
API Key Authentication
API keys provided in the request header
Key management through a customer portal
Different tiers of API keys with varying rate limits
JSON Web Token (JWT) Authentication
Time-limited access tokens
Refresh token mechanism for continued access
Role-based access control
Rate Limiting
Even without authentication, Shield implements rate limiting based on IP address to ensure service availability for all users. See the Rate Limits & Quotas page for details.
Beta Access Programs
For customers requiring custom integration options or higher transaction volumes, Shield offers beta access programs with custom authentication options. Contact our support team for more information.
Best Practices
While authentication is not currently required, we recommend implementing your application with authentication in mind:
Structure your code to easily add authentication headers when they become available
Consider implementing a configuration option for API credentials in your application
Follow secure credential management practices for when authentication is introduced
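One way to follow these recommendations, as an added example that is not Shield's own code: a small client that takes an optional credential from configuration and attaches it only when one is set. The header name, environment variable names and base URL are assumptions, since Shield has not published its authentication scheme.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Assumptions (not from Shield's documentation): placeholder names to be
# replaced once the real authentication scheme is published.
AUTH_HEADER = "X-API-Key"      # hypothetical header name
ENV_KEY = "SHIELD_API_KEY"     # hypothetical environment variable
ENV_URL = "SHIELD_BASE_URL"    # hypothetical environment variable


class ShieldClient:
    def __init__(self, base_url, api_key=None):
        # Never let a credential travel over cleartext HTTP.
        if api_key and urlsplit(base_url).scheme != "https":
            raise ValueError("refusing to send an API credential over non-HTTPS")
        self.base_url = base_url.rstrip("/")
        self._api_key = api_key or None

    @classmethod
    def from_env(cls, env=os.environ):
        # The credential comes from configuration, never from source code.
        return cls(env[ENV_URL], env.get(ENV_KEY))

    def __repr__(self):
        # Keep the key out of logs and tracebacks.
        state = "set" if self._api_key else "unset"
        return f"ShieldClient(base_url={self.base_url!r}, api_key=<{state}>)"

    def auth_headers(self):
        # Single place to change when authentication becomes available.
        return {AUTH_HEADER: self._api_key} if self._api_key else {}

    def build_request(self, path, body=None):
        # GET for /info, POST with a body for /rpc.
        method = "POST" if body is not None else "GET"
        return urllib.request.Request(
            self.base_url + path, data=body,
            headers=self.auth_headers(), method=method)

    def send(self, path, body=None, timeout=10):
        req = self.build_request(path, body)
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
```

Until a key is configured the client sends exactly the unauthenticated requests the API accepts today, so enabling authentication later is a configuration change rather than a code change.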
Future Documentation
This page will be updated when authentication methods are officially implemented. Subscribe to our newsletter or follow Rebar Labs on social media to stay informed about API changes and new features.