API keys are essential for secure communication between your custom application, services or product and DotHost’s services. They authenticate requests, ensuring that only authorized applications can access your DotHost account and perform actions. DotHost provides two types of API keys to cater to different needs: Public Keys and Secret Keys.

  • Public API Keys: These are non-sensitive identifiers used on the client side of your application. Public keys can initiate transactions but cannot modify any part of your account.

  • Secret API Keys: These are confidential keys that provide full access to your account’s financial data and operations. Secret keys must be kept secure and should never be exposed in client-side code. Treat them like any other password. If you suspect that your secret key has been compromised, reset it immediately by generating new keys from your dashboard.

Obtaining Your API Keys

To access your API keys:

  1. Log in to your dashboard.
  2. Click the profile image icon on the top right side of the screen.
  3. Select Account Settings from the options.
  4. Navigate to API Keys and Webhooks.
  5. In this section, you’ll see both your Public and Secret keys, and a button to Generate New API Keys.

Note: The API keys in test mode are different from the API keys in live mode. Always ensure that you do not misuse the keys when switching between modes.

Generating New API Keys

Always keep your API Keys safe to protect your account. If your API Keys are compromised, you can easily generate new ones by clicking the ‘Generate New API Keys’ button under Test Secret Key in the API Keys & Webhooks section in Account Settings.

Once you generate new API keys, the old keys become void and can no longer be used for API calls. Be sure to update your application to use the newly generated keys.

Rate Limit

To maintain optimal performance and ensure fair use of our services, our API enforces the following rate limits:

  • Maximum of 1000 requests: This limit applies to the number of API requests allowed within a specific period.
  • 10-minute window: The request limit is measured over a rolling 10-minute period. This means that at any given time, the number of requests made in the last 10 minutes should not exceed 1000.

Best Practices for Handling Rate Limits

  • Monitor your usage: Implement tracking mechanisms in your application to monitor API request counts in real-time and ensure you stay within the permitted threshold.
  • Implement retry logic: If you receive a rate limit error response, design your application to wait for a reasonable time before retrying the request.
  • Plan batch requests: Where possible, consolidate multiple requests into batch operations to make better use of the request allowance.
  • Graceful error handling: Ensure your application handles rate limit errors (HTTP status code 429 - Too Many Requests) gracefully by alerting users or adjusting its behavior accordingly.

What Happens When You Exceed the Limit?

If your application exceeds the allowed rate limit:

  • You will receive an HTTP 429 - Too Many Requests response status.
  • The response may include a Retry-After header indicating how long to wait before retrying.

Failure to manage rate limits effectively can result in service interruptions for your application. Always ensure your application adheres to these limits to maintain seamless access to the API.
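
The usage-tracking and retry practices above, as an added example (not DotHost code): a client-side counter for the rolling 10-minute window, plus a helper that turns a 429 response into a wait time, honoring Retry-After when it is present. The class and function names are hypothetical, and the exponential backoff used when the header is missing is an assumption, not a documented DotHost behavior.

```python
# Added example, not DotHost code; class and function names are hypothetical.
import time
from collections import deque
from email.utils import parsedate_to_datetime

MAX_REQUESTS = 1000     # limit stated on this page
WINDOW_SECONDS = 600    # rolling 10-minute window stated on this page


class RollingWindowBudget:
    """Client-side count of requests sent in the last `window` seconds."""

    def __init__(self, limit=MAX_REQUESTS, window=WINDOW_SECONDS, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.sent = deque()  # send times, oldest first

    def _expire(self, now):
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()

    def wait_needed(self):
        """Seconds until one more request fits in the window (0.0 if it fits now)."""
        now = self.clock()
        self._expire(now)
        if len(self.sent) < self.limit:
            return 0.0
        return self.sent[0] + self.window - now

    def record(self):
        self.sent.append(self.clock())  # call right after sending a request

    def remaining(self):
        self._expire(self.clock())
        return self.limit - len(self.sent)


def retry_delay(status, headers, attempt, now_epoch=None, base=1.0, cap=60.0):
    """Seconds to wait before retrying a 429, or None for any other status."""
    if status != 429:
        return None
    value = {k.lower(): v for k, v in headers.items()}.get("retry-after", "").strip()
    if value.isdigit():
        return float(value)  # Retry-After as delta-seconds
    try:  # Retry-After as an HTTP-date
        when = parsedate_to_datetime(value).timestamp()
        return max(0.0, when - (time.time() if now_epoch is None else now_epoch))
    except (TypeError, ValueError):
        # Header absent or unparsable: capped exponential backoff (an assumption).
        return min(cap, base * 2 ** attempt)
```

Call `wait_needed()` before each request and `record()` after it; the server's count remains authoritative, so a 429 can still arrive and should go through `retry_delay()`.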