What is Endpoint Armor?
Endpoint Armor is a security add-on developed by QuickNode, which allows you to restrict your QuickNode endpoint to specific methods and set rate limits for each method. Endpoint Armor guards your endpoint against exploitation in public-facing uses, such as operating a front-end website for a decentralized app. It does this by providing a secure URL that is rate limited and configurable to your specific usage. You can also set global rate limits for the entire endpoint, as well as rate limits per unique visitor.
Endpoint Armor's Primary Features
- Endpoint Rate Limits: These are global rate limits that apply to the entire endpoint, providing an overarching control mechanism for managing traffic to the endpoint.
- Visitor Rate Limits: These limits are specific to each unique visitor to a website, ensuring that rate limits apply individually to different users accessing the endpoint.
- Method Limitations: This feature allows only the methods explicitly listed in this setting, with the option to set either method-specific rate limits or global rate limits.
Please note that the typical QuickNode URLs with authentication tokens will not be affected by this configuration and can still be used normally. Only the secure URL generated by Endpoint Armor will have these settings applied.
Ideal Security Settings
When enabling Endpoint Armor on an endpoint, ensure that token-based authentication is enabled, as the primary security measure. Please be aware that disabling token-based authentication will result in Endpoint Armor not functioning as intended. To maintain a seamless and effective security setup, please don't make changes to other security page settings, as doing so may impact the proper functioning of Endpoint Armor.
Configuration Structure
The configuration JSON object consists of several keys, each representing different aspects of rate limiting and method access control.
endpointRateLimits
endpointRateLimits key specifies the global rate limits for the entire endpoint. These limits are applied irrespective of the individual method or visitor, providing an overarching control mechanism for managing the traffic to the endpoint. The endpointRateLimits can be specified in the following ways (all are optional):
- reqPerHour: Defines the maximum number of requests that can be made to the endpoint in an hour.
- reqPerMinute: Sets the maximum number of requests allowed per minute.
- reqPerSecond: Limits the number of requests to a per-second maximum.
endpointRateLimits Configuration Example
{
"methods": {
"ledger_data": "enabled"
},
"endpointRateLimits": {
"reqPerHour": 1000,
"reqPerMinute": 20,
"reqPerSecond": 1
}
}
visitorRateLimits
visitorRateLimits defines the rate limits applied per unique visitor to a website. These limits are particularly relevant when requests include headers from a browser, indicating they are originating from individual users as opposed to server-side processes. The visitorRateLimits can be specified in the following ways (all are optional):
- reqPerHour: Maximum number of requests allowed per hour.
- reqPerMinute: Maximum number of requests allowed per minute.
- reqPerSecond: Maximum number of requests allowed per second.
visitorRateLimits Configuration Example
{
"methods": {
"ledger_data": "enabled"
},
"visitorRateLimits": {
"reqPerMinute": 10
}
}
methods
methods object is an allowlist of methods that are permitted for the endpoint. Each key within this object corresponds to a valid method name. The value associated with each method key can be a string "enabled" to simply enable the method, or an object specifying various rate limits. For a method to be used on the endpoint, it must be specified in this object. For each method, the following rate limits can be specified (all are optional):
- reqPerHour: Maximum number of requests allowed per hour.
- reqPerMinute: Maximum number of requests allowed per minute.
- reqPerSecond: Maximum number of requests allowed per second.
Methods Configuration Example 1
{
"methods": {
"ledger_data": {
"reqPerHour": 1000,
"reqPerMinute": 100,
"reqPerSecond": 10
}
}
}
In this example, the method ledger_data
is allowed with specific rate limits set for requests per hour, minute, and second.
Methods Configuration Example 2
{
"methods": {
"ledger_data": "enabled"
}
}
In this example, the method ledger_data
is allowed with no rate limits.
To learn more about how to use Endpoint Armor, refer to our comprehensive guide on Endpoint Armor.
We ❤️ Feedback!
If you have any feedback or questions about this documentation, let us know. We'd love to hear from you!