Skip to main content
During development, you can use the developer endpoints without an API key. For production use, you’ll need an API key to avoid rate limits.

Using Your API Key

Include your API key in all requests to the APIs by setting the x-api-key header. All production deployments must use an API key, otherwise you will be rate limited.
For GET requests, include the API key in the request headers:
const API_KEY = process.env.DFLOW_API_KEY; // or your API key
const API_BASE_URL = "https://dev-quote-api.dflow.net";

const queryParams = new URLSearchParams();
queryParams.append("inputMint", SOL);
queryParams.append("outputMint", USDC);
queryParams.append("amount", amount.toString());
queryParams.append("slippageBps", slippageBps.toString());
queryParams.append("userPublicKey", keypair.publicKey.toBase58());

const response = await fetch(
  `${API_BASE_URL}/order?${queryParams.toString()}`,
  {
    headers: {
      "x-api-key": API_KEY,
    },
  }
).then((x) => x.json());
For POST requests, include the API key alongside other headers:
const API_KEY = process.env.DFLOW_API_KEY; // or your API key
const API_BASE_URL = "https://dev-quote-api.dflow.net";

const response = await fetch(`${API_BASE_URL}/submit-intent`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": API_KEY,
  },
  body: JSON.stringify({
    quoteResponse: intentData,
    signedOpenTransaction: Buffer.from(openTransaction.serialize()).toString(
      "base64"
    ),
  }),
});
const submitIntentData = await response.json();

WebSocket Authentication

WebSocket connections require both an API key and a WebSocket endpoint. Apply for credentials at https://pond.dflow.net/build/api-key. When using WebSockets, include your API key in the x-api-key header rather than a URL query parameter. 
import "dotenv/config";

const API_KEY = process.env.DFLOW_API_KEY;
const WS_URL = process.env.DFLOW_PREDICTION_MARKETS_WS_URL;

if (!WS_URL || !API_KEY) {
  throw new Error(
    "Missing websocket credentials. Set DFLOW_PREDICTION_MARKETS_WS_URL and DFLOW_API_KEY."
  );
}

const ws = new WebSocket(WS_URL, {
  headers: {
    "x-api-key": API_KEY,
  },
});

Security Best Practices

  • Store your API key securely using environment variables.
  • Never commit API keys to version control.
  • Rotate your API key if it’s ever exposed.

Getting Help

If you need an API key or have questions about rate limits, reach out to us.

API Routes

Cookbook Repository

This recipe, along with many more, is available in the DFlow Cookbook Repo. You can clone it and start coding immediately.

Need Help?

Email Support

Reach out to our team at [email protected] for technical support, partnership inquiries, or general questions.
https://mintcdn.com/dflow/1sRZLACO4FsKK-8y/images/meteor-icons_discord.svg?fit=max&auto=format&n=1sRZLACO4FsKK-8y&q=85&s=859a370844c51dc45ef18cb64ff10b58

Join Our Discord

Connect with other developers, get help, and stay updated on the latest DFlow developments.
https://mintcdn.com/dflow/_ksqRQZBXLZ5y-Un/images/meteor-icons_telegram.svg?fit=max&auto=format&n=_ksqRQZBXLZ5y-Un&q=85&s=8bd9b17595765f82a1a646169e80bfe1

Dev Notifications

Join the DFlow Dev Notifications Telegram group to stay in the loop on new features and other announcements.