Skip to main content
Relay enforces rate limits to keep the platform reliable for every integrator. You manage API keys in the Relay Dashboard — create new API keys, rotate existing ones, and inspect individual requests. Default limits listed below apply to self-serve API keys.

Creating an API key

API keys are self-serve. To create one:
  1. Sign in to the Relay Dashboard.
  2. Open the API keys tab.
  3. Click Create key, give it a label (e.g. production, staging), and copy the key.
Use a separate key per environment (production, staging, local). Per-key request history makes it easy to spot a misbehaving deploy without revoking the wrong credential.

Tracking requests

The Relay Dashboard is also where you observe what your integration is doing in production:
  • Requests — full history of quotes and intents made with each key, with status, route, amounts, and timing.
  • Advanced filtering — narrow the table by chain, currency, amount, status, time, and more, combining conditions with AND/OR logic to isolate exactly the requests you care about.
  • Custom views — save any combination of filters, sort order, and columns as a reusable view for your team, each with its own name, icon, and color.
  • Keys — create, rename, and revoke keys for your account.
When debugging a specific transaction, paste the requestId from your application into the dashboard’s search to jump straight to the matching record.

Default Rate Limits

The following limits apply per API key:

Elevated Rate Limits

Higher limits are available on request, applied per key: To request higher limits, get in touch through the support widget in the Relay Dashboard.

How to Use an API key

HTTP requests

Pass the key in the request headers on every request:

SDK usage

Proxy API

If you’re calling the SDK from the browser, stand up a proxy that appends the key server-side and point baseApiUrl at it. This keeps the key out of client bundles while preserving your key’s rate limits.

Keeping Your API key Secure

Treat your API key like a password. It’s tied to your account, controls your rate limits, and every request made with it is attributed to you.
If your key is leaked, anyone holding it can consume your rate limits or make requests on your behalf. Revoke and re-create the key in the Relay Dashboard immediately if you suspect it has been compromised.
Best practices:
  • Keep it server-side only — never expose it in client-side or frontend code. Use a proxy API if calling Relay from the browser.
  • Use environment variables — store the key in environment variables, not hardcoded in source code.
  • Don’t commit it to version control — add it to .gitignore or use a secrets manager.
  • Restrict access — only share the key with team members who need it.
  • Rotate regularly — create a new key in the Relay Dashboard and revoke the old one whenever a team member with access leaves.