Flow Rest API & gRPC (Access API)
Overview
At QuickNode, we are currently running Flow REST API and Flow gRPC (Access API) endpoints in Beta. In aggregate we serve 100s of billions of requests every month. To make it easier for developers to integrate with QuickNode, we've created this documentation that shows how to make API requests using cURL, JavaScript, Python, go, Ruby and any applicable Web3 SDKs. QuickNode-supported Flow APIs include:
- Flow REST API
- Flow gRPC (Access API)
Flow Network Support
| Network | WSS | HTTPS |
|---|---|---|
| TESTNET | ✅ | ✅ |
| MAINNET | ✅ | ✅ |
Making Flow REST API Requests
In REST API documentation, you will see example requests made with various programming languages for each supported Flow method. This section will explain how to execute each one of them on your machine.
cURL
Most *nix based systems have cURL support out of the box. cURL is a command line tool and library for transferring data with URLs. Check if you have it by running the following:
curl -h
Python
To run our Python code examples, you'll need to have Python installed as well as the requests package. You can install this package with the following command:
python -m pip install requests
JavaScript
To run our JavaScript code examples, you'll need to have Node v18 and up installed. You can follow this official document to install the latest, stable version of Node globally. Check if you have it by running the following:
node -v
Ruby
To run our Ruby code examples, you'll need to have Ruby installed. You can follow this official installation document for more information. Check if you have it by running the following:
ruby -v
Making Flow gRPC (Access API) Requests
In Access API documentation, you will see example requests made with go programming language for each supported Flow method. This section will explain how to execute each one of them on your machine.
go
Go is a statically-typed, compiled language known for its simplicity, efficiency, and strong concurrency support, making it well-suited for developing applications and services. You can follow this official installation document for more information. Check if you have it by running the following:
go version
Authentication Required for Flow gRPC (Access API)
To ensure secure access to Flow gRPC (Access API), users are required to authenticate themselves. This authentication process is necessary before utilizing any method. QuickNode endpoints consist of two crucial components: the endpoint name and the corresponding token. Users will need to use these two components to configure a gRPC client with authentication credentials before they make any method calls.
Throughout this documentation, we will call a getAccessClientWithBasicAuth function that will demonstrate how to handle authentication and is used in each code sample. Here is the code implementation of the getAccessClientWithBasicAuth function as well as a basicAuth implementation of RPC credentials:
import (
"context"
"crypto/tls"
"encoding/base64"
"fmt"
"github.com/onflow/flow/protobuf/go/flow/access"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)
func getAccessClientWithBasicAuth(endpoint, token string) (access.AccessAPIClient, error) {
target := endpoint + ".flow-mainnet.quiknode.pro:8999" // for TLS connections
client, err := grpc.Dial(target,
grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{})),
grpc.WithPerRPCCredentials(basicAuth{
username: endpoint,
password: token,
}),
)
if err != nil {
return nil, fmt.Errorf("Unable to dial endpoint %w", err)
}
return access.NewAccessAPIClient(client), nil
}
// basicAuth implements the credentials.PerRPCCredentials interface to support basic authentication for grpc requests.
type basicAuth struct {
username string
password string
}
func (b basicAuth) GetRequestMetadata(ctx context.Context, in ...string) (map[string]string, error) {
auth := b.username + ":" + b.password
enc := base64.StdEncoding.EncodeToString([]byte(auth))
return map[string]string{"authorization": "Basic " + enc}, nil
}
func (basicAuth) RequireTransportSecurity() bool {
return false
}
The getAccessClientWithBasicAuth function configures a gRPC client with the necessary security options and establishes a connection to the specified endpoint on port 8999. It takes the endpoint name and token as input parameters and returns an instance of the AccessAPIClient interface, which you can use to make authenticated API calls.
client, err := getAccessClientWithBasicAuth("ENDPOINT_NAME", "TOKEN")
if err != nil {
log.Fatalf("err: %v", err)
}
API Credits
Usage in our pricing plans is measured in API Credits. To learn more about the API Credits for Flow, please visit this page.
Endpoint Authentication Options
Token Authentication
By default, all endpoints created on QuickNode are protected by a token in the URL which looks something like this:
http://sample-endpoint-name.network.quiknode.pro/token-goes-here/
Approved Referrer List
For endpoints on the shared network, you are able to add a list of approved referrers. This requires any HTTP request to send a REFERRER header or any WebSocket request to send an ORIGIN header populated with one of the referrers you entered into our user panel.
Disabling Token Authentication
You can also disable the token authentication completely in your security settings for a given endpoint. This will allow anyone to make requests to the endpoint without the token.
JWT (JSON Web Tokens)
For additional security, you can also enable JWT for each of your deployed endpoints. JWT allows for stateless authentication between you and your endpoint. Learn how to use JWT with QuickNode in this step-by-step guide.
Multiple Authentication Tokens
Create multiple authentication tokens for each of your deployed endpoints. This allows you to revoke any tokens that may be comprised, without needing to restart your non-compromised endpoint.
To roll an individual authentication token, create an additional token and then delete the previous token. Learn more about multiple authentication tokens in this QuickNode guide.
We ❤️ Feedback!
If you have any feedback or questions about this documentation, let us know. We'd love to hear from you!