QuickNode provides multiple authentication methods to secure your Ethereum endpoints. Choose the approach that best fits your application's security requirements and deployment environment.

i

Authentication Feature Availability

Some authentication methods described below require specific plans:

• Free plan: Token authentication and basic rate limiting
• Build plan and higher: All authentication methods including JWT, referrer whitelisting, advanced rate limiting, and domain masking

Visit our pricing page for more information

Token-Based Authentication

QuickNode endpoints use token-based authentication by default. Each endpoint includes a unique authentication token embedded directly in the URL:

https://your-endpoint-name.ethereum.quiknode.pro/your-auth-token/

All requests must include this token to be accepted. You can regenerate tokens anytime from your dashboard, and old tokens become invalid immediately upon regeneration. When rotating tokens, create a new one first, update your applications to use the new token, then delete the old one to ensure continuous service availability.

Disabling Token Authentication: For development or testing purpose, you can completely disable token authentication in your endpoint's Security settings, creating a publicly accessible endpoint.

Referrer Whitelisting

You can restrict access to your endpoint by allowing only traffic from specific domains. This helps prevent unauthorized use of your endpoint from browser-based environments.

• HTTP requests must include a valid Referrer header
• WebSocket connections must include a valid Origin header
• Domain matching requires an exact match — wildcards are not supported

Security Limitations: While referrer whitelisting improves security, it is not foolproof. HTTP headers like Referer and Origin can be spoofed or manipulated by attackers using custom HTTP clients or scripts, such as with curl. For example, someone with your endpoint URL and knowledge of the whitelisted domain could craft a request with the correct headers to bypass this restriction. For stronger protection, consider combining referrer whitelisting with other security features like rate limiting or authentication tokens.

Learn More: For detailed setup instructions, see our Referrer Whitelist Configuration Guide

JWT Authentication

JSON Web Tokens (JWT) provide enterprise-grade security through cryptographically signed authentication tokens. Unlike basic token authentication, JWTs allow you to embed custom permissions, user information, and expiration times directly into the token.

JWTs enable stateless authentication between you and your endpoint, making them ideal for applications requiring fine-grained access control, programmatic token generation, and complex permission systems. They're particularly useful for microservices architectures where session storage isn't practical.

For complete implementation details and code examples, see our JWT Implementation Guide

Multiple Authentication Tokens

By default, each QuickNode endpoint comes with a single authentication token. However, you can create additional tokens for the same endpoint, giving you more control over access management and security practices.

Multiple tokens allow you to separate environments (development, staging, production), isolate different applications or services, and rotate tokens without service disruption. This approach also enables individual usage monitoring for better API consumption insights.

For step-by-step instructions, see our Multi-token Setup Guide

Additional Security Features

Build plans and above unlock advanced security controls for enterprise-grade endpoint protection:

• Method Rate Limiting - Set per-second, per-minute, or per-day limits on specific API calls to prevent abuse and manage resource usage
• Domain Masking - Replace default QuickNode URLs with your own branded domain for professional endpoints and enhanced security

Security Resources

JWT Authentication Implementation

Learn how to implement JSON Web Token authentication for your QuickNode endpoints with step-by-step examples and best practices.

Setup Multi-Token Authentication

Set up multiple authentication tokens for better security management, token rotation, and environment isolation.

Referrer Whitelist Configuration

Configure referrer whitelisting to restrict endpoint access to specific domains and enhance browser-based application security.

Front-End Security Best Practices

Comprehensive guide to securing your front-end applications when using QuickNode endpoints, including key management and rate limiting strategies.

Method Rate Limiting & Testing

Control the frequency of specific API calls with per-second, per-minute, or per-day limits for enhanced endpoint protection.

How to Setup Domain Masking

Use your own branded domain for endpoint URLs instead of the default QuickNode format for better branding and security.