
Starknet Endpoint Security

Updated on
Oct 03, 2025

QuickNode provides multiple authentication methods to secure your Starknet endpoints. Choose the approach that best fits your application's security requirements and deployment environment.


Authentication Feature Availability
Some authentication methods described below require specific plans:
  • Free Trial plan: Token authentication and basic rate limiting
  • Build plan and higher: All authentication methods including JWT, referrer whitelisting, advanced rate limiting, and domain masking
Visit our pricing page for more information.

Token-Based Authentication

Each endpoint includes a unique authentication token embedded directly in the URL:


https://your-endpoint-name.starknet.quiknode.pro/your-auth-token/

Header-Based Authentication

Alternatively, you can pass the token in the x-token header of the request:


curl https://your-endpoint-name.starknet.quiknode.pro/ \
  -X POST \
  -H "x-token: your-auth-token" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"method_name","params":[],"id":1}'

All requests must include a valid token to be accepted. You can regenerate tokens anytime from your dashboard, and old tokens become invalid immediately upon regeneration. When rotating tokens, create a new one first, update your applications to use the new token, then delete the old one to ensure continuous service availability.
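An added example (not QuickNode's code) that converts the token-in-URL form into the header form used by the curl command above, so the token stays out of the request URL, and masks tokens in log lines before they are stored. The function names are hypothetical, and the sample URL is constructed from this page's placeholders.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Constructed sample built from the placeholder URL format shown on this page.
SAMPLE_URL = "https://your-endpoint-name.starknet.quiknode.pro/your-auth-token/"

# Finds the token path segment of a quiknode.pro endpoint URL inside free text.
_TOKEN_IN_URL = re.compile(r"(https?://[A-Za-z0-9.-]+\.quiknode\.pro/)([^/\s\"']+)")


def split_endpoint(url):
    """Split a token-in-URL endpoint into (token-free base URL, token)."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 1:
        raise ValueError("expected exactly one path segment (the token)")
    base = urlunsplit((parts.scheme, parts.netloc, "/", "", ""))
    return base, segments[0]


def build_request(url, method, params=None, req_id=1):
    """Build a JSON-RPC POST that carries the token in x-token, not in the URL."""
    base, token = split_endpoint(url)
    body = json.dumps(
        {"jsonrpc": "2.0", "method": method, "params": params or [], "id": req_id}
    )
    return urllib.request.Request(
        base,
        data=body.encode(),
        headers={"x-token": token, "Content-Type": "application/json"},
        method="POST",
    )


def redact(text):
    """Mask endpoint tokens in log lines or error messages before storage."""
    return _TOKEN_IN_URL.sub(r"\1<redacted>", text)
```

Pass the object returned by `build_request` to `urllib.request.urlopen` to send it; run `redact` over any message that may contain the full endpoint URL.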

Disabling Token Authentication: For development or testing purposes, you can completely disable token authentication in your endpoint's Security settings, creating a publicly accessible endpoint.

Referrer Whitelisting

You can restrict access to your endpoint by allowing only traffic from specific domains. This helps prevent unauthorized use of your endpoint from browser-based environments.


  • HTTP requests must include a valid Referer header
  • WebSocket connections must include a valid Origin header
  • Domain matching requires an exact match — wildcards are not supported

Security Limitations: While referrer whitelisting improves security, it is not foolproof. HTTP headers like Referer and Origin can be spoofed or manipulated by attackers using custom HTTP clients or scripts, such as curl. For example, someone with your endpoint URL and knowledge of the whitelisted domain could craft a request with the correct headers to bypass this restriction. For stronger protection, consider combining referrer whitelisting with other security features like rate limiting or authentication tokens.

Learn More: For detailed setup instructions, see our Referrer Whitelist Configuration Guide.

JWT Authentication

JSON Web Tokens (JWT) provide enterprise-grade security through cryptographically signed authentication tokens. Unlike basic token authentication, JWTs allow you to embed custom permissions, user information, and expiration times directly into the token.

JWTs enable stateless authentication between you and your endpoint, making them ideal for applications requiring fine-grained access control, programmatic token generation, and complex permission systems. They're particularly useful for microservices architectures where session storage isn't practical.

For complete implementation details and code examples, see our JWT Implementation Guide.

Multiple Authentication Tokens

By default, each QuickNode endpoint comes with a single authentication token. However, you can create additional tokens for the same endpoint, giving you more control over access management and security practices.

Multiple tokens allow you to separate environments (development, staging, production), isolate different applications or services, and rotate tokens without service disruption. This approach also enables individual usage monitoring for better API consumption insights.

For step-by-step instructions, see our Multi-token Setup Guide.

Additional Security Features

Build plans and above unlock advanced security controls for enterprise-grade endpoint protection:


  • Method Rate Limiting - Set per-second, per-minute, or per-day limits on specific API calls to prevent abuse and manage resource usage
  • Domain Masking - Replace default QuickNode URLs with your own branded domain for professional endpoints and enhanced security
