Skip to main content

Flow Rest API & gRPC (Access API)

With QuickNode, you get access to our global network which always routes your API requests to the nearest available location, ensuring low latency and fastest speeds.


The QuickNode Flow documentation constantly evolves as the chain undergoes upgrades and changes. We highly recommend cross-referencing with the Flow Documentation for the latest updates.


At QuickNode, we are currently running Flow REST API and Flow gRPC (Access API) endpoints. In aggregate, we serve 100s of billions of requests every month. To make it easier for developers to integrate with QuickNode, we've created this documentation that shows how to make API requests using cURL, JavaScript, Python, go, Ruby and any applicable Web3 SDKs. QuickNode-supported Flow APIs include:

  • Flow REST API
  • Flow gRPC (Access API)

Flow Network Support


Making Flow REST API Requests

In REST API documentation, you will see example requests made with various programming languages for each supported Flow method. This section will explain how to execute each one of them on your machine.


Most *nix based systems have cURL support out of the box. cURL is a command line tool and library for transferring data with URLs. Check if you have it by running the following:

curl -h


To run our Python code examples, you'll need to have Python installed as well as the requests package. You can install this package with the following command:

python -m pip install requests


To run our JavaScript code examples, you'll need to have Node v18 and up installed. You can follow this official document to install the latest, stable version of Node globally. Check if you have it by running the following:

node -v


To run our Ruby code examples, you'll need to have Ruby installed. You can follow this official installation document for more information. Check if you have it by running the following:

ruby -v

Making Flow gRPC (Access API) Requests

In Access API documentation, you will see example requests made with go programming language for each supported Flow method. This section will explain how to execute each one of them on your machine.


Go is a statically-typed, compiled language known for its simplicity, efficiency, and strong concurrency support, making it well-suited for developing applications and services. You can follow this official installation document for more information. Check if you have it by running the following:

go version

Authentication Required for Flow gRPC (Access API)

To ensure secure access to Flow gRPC (Access API), users are required to authenticate themselves. This authentication process is necessary before utilizing any method. QuickNode endpoints consist of two crucial components: the endpoint name and the corresponding token. Users will need to use these two components to configure a gRPC client with authentication credentials before they make any method calls.

Throughout this documentation, we will call a getAccessClientWithBasicAuth function that will demonstrate how to handle authentication and is used in each code sample. Here is the code implementation of the getAccessClientWithBasicAuth function as well as a basicAuth implementation of RPC credentials:

import (

func getAccessClientWithBasicAuth(endpoint, token string) (access.AccessAPIClient, error) {
target := endpoint + "" // for TLS connections
client, err := grpc.Dial(target,
username: endpoint,
password: token,
if err != nil {
return nil, fmt.Errorf("Unable to dial endpoint %w", err)
return access.NewAccessAPIClient(client), nil

// basicAuth implements the credentials.PerRPCCredentials interface to support basic authentication for grpc requests.
type basicAuth struct {
username string
password string

func (b basicAuth) GetRequestMetadata(ctx context.Context, in ...string) (map[string]string, error) {
auth := b.username + ":" + b.password
enc := base64.StdEncoding.EncodeToString([]byte(auth))
return map[string]string{"authorization": "Basic " + enc}, nil

func (basicAuth) RequireTransportSecurity() bool {
return false

The getAccessClientWithBasicAuth function configures a gRPC client with the necessary security options and establishes a connection to the specified endpoint on port 8999. It takes the endpoint name and token as input parameters and returns an instance of the AccessAPIClient interface, which you can use to make authenticated API calls.

client, err := getAccessClientWithBasicAuth("ENDPOINT_NAME", "TOKEN")
if err != nil {
log.Fatalf("err: %v", err)

API Credits

Usage in our pricing plans is measured in API Credits. To learn more about the API Credits for Flow, please visit this page.

Endpoint Rate Limits

To ensure fair usage and service stability, we apply the following rate limits on requests to our public and paid access endpoints:

Service CategoryPublic Rate LimitPaid Rate LimitCustom Rate Limit
SendTransaction50 requests/second2000 requests/secondContact Us
ExecuteScript Calls (Includes ExecuteScriptAtLastestBlock, ExecuteScriptAtBlockID, and ExecuteScriptAtBlockHeight)5 requests/second100 requests/secondContact Us
GetEvents30 requests/second100 requests/secondContact Us
Other Get Requests (e.g., GetBlock, GetCollection, etc.)100 requests/second2000 requests/secondContact Us

Please design your applications to respect these limits. Contact us if you have questions or need adjustments to these limits.

Endpoint Authentication Options


Please note that setting JWT (JSON Web Tokens), configuring all whitelist options, and changing any rate limits beyond credits per second are only available to users on the Build plan or above. Users on the Discover/Discover+ plans can only change their credits per second rate limit or add, use, and delete an authentication token. Visit our pricing page for more information.

Token Authentication

By default, all endpoints created on QuickNode are protected by a token in the URL which looks something like this:

Approved Referrer List

For endpoints on the shared network, you are able to add a list of approved referrers. This requires any HTTP request to send a REFERRER header or any WebSocket request to send an ORIGIN header populated with one of the referrers you entered into our user panel.

Disabling Token Authentication

You can also disable the token authentication completely in your security settings for a given endpoint. This will allow anyone to make requests to the endpoint without the token.

JWT (JSON Web Tokens)

For additional security, you can also enable JWT for each of your deployed endpoints. JWT allows for stateless authentication between you and your endpoint. Learn how to use JWT with QuickNode in this step-by-step guide.

Multiple Authentication Tokens

Create multiple authentication tokens for each of your deployed endpoints. This allows you to revoke any tokens that may be comprised, without needing to restart your non-compromised endpoint.

To roll an individual authentication token, create an additional token and then delete the previous token. Learn more about multiple authentication tokens in this QuickNode guide.

Secure Your QuickNode Flow Endpoint

Enhance the security of your QuickNode RPC endpoints using the Endpoint Armor add-on. This add-on provides a secure URL for safer public and front-end usage, allowing you to control access, set rate limits, and restrict methods for heightened security and streamlined management. You can find more information about Endpoint Armor on this page.

We ❤️ Feedback!

If you have any feedback or questions about this documentation, let us know. We'd love to hear from you!

Share this doc