How to get a UniSat API key for developers? (Developer Tools)

Accessing UniSat Developer Portal

1. Navigate to the official UniSat website and locate the “Developer” or “API” section in the main navigation menu.

2. Click on the link labeled “Developer Tools” or “API Documentation”, which redirects to a dedicated subdomain or path such as https://dev.unisat.io.

3. Ensure your browser is not blocking third-party cookies, as the portal relies on session-based authentication for account creation and key generation.

4. If you do not yet have a UniSat wallet extension installed, download and set it up from the Chrome Web Store or Firefox Add-ons before proceeding.

5. Sign in using your UniSat wallet — the system verifies ownership through a cryptographic signature challenge rather than email/password credentials.

Registering an Application

1. Once authenticated, go to the “Applications” tab inside the developer dashboard.

2. Click the “+ New Application” button to initiate registration.

3. Enter a descriptive name for your project, such as “Bitcoin NFT Explorer” or “Ordinal Indexer Bot”.

4. Provide a valid callback URL — this must be an HTTPS endpoint where UniSat can send webhook notifications for events like inscription confirmations.

5. Select permissions required by your application: read-only access to blockchain data, inscription metadata retrieval, or full wallet interaction capabilities.

Generating and Managing API Keys

1. After submitting the application form, UniSat generates a unique client ID and displays it alongside a secret API key in a single-use modal window.

2. Copy both values immediately — the secret key is masked after first view and cannot be retrieved again from the interface.

3. Store the secret key in a secure environment variable or vault; exposing it in frontend code or public repositories compromises your application’s security.

4. Use the client ID as the X-Client-ID header and the secret key as the X-API-Key header when making HTTP requests to endpoints like /v1/inscriptions or /v1/transactions.

5. Revoke compromised keys via the “Revoke Key” option under the application’s settings — revocation takes effect within 60 seconds across all UniSat infrastructure nodes.

Rate Limits and Usage Constraints

1. Free-tier applications are limited to 1,000 requests per hour with bursts capped at 100 requests per minute.

2. Each API key is bound to a specific application ID — attempting to use one key across multiple registered apps triggers automatic throttling.

3. Requests returning HTTP status 429 indicate that your current rate limit has been exceeded; responses include a Retry-After header specifying seconds until next allowed call.

4. Bulk operations such as fetching inscription lists exceeding 500 entries require pagination parameters (limit and offset) — omitting them results in truncated responses.

5. All timestamps returned by the API follow ISO 8601 format with UTC timezone, and block height values reflect confirmed Bitcoin mainnet blocks only.

Frequently Asked Questions

Q: Can I use the same UniSat API key across multiple domains?A: No. Each domain must be explicitly registered during application setup. Cross-domain usage triggers CORS rejection and invalidates the request before reaching backend services.

Q: Does UniSat support API key rotation without downtime?A: Yes. Generate a new key while the old one remains active, update your service configuration, then revoke the previous key once verification confirms stable operation.

Q: Are testnet inscriptions accessible via the production API?A: No. The production API exclusively serves mainnet data. A separate testnet endpoint exists at https://testnet-api.unisat.io, requiring its own application registration and key.

Q: What happens if my application exceeds daily quota thresholds?A: Requests fail with HTTP 403 Forbidden and include a X-RateLimit-Remaining header showing zero. Quotas reset at midnight UTC regardless of usage patterns.