Default Rate Limits (No API key)
The following limits apply when no API key is provided:API key Rate Limits
When using an API key, limits increase and are applied per key:
API keys are recommended for server-side production integrations and higher-throughput use cases.
How to Get an API key
Create an API key in the Relay Dashboard.How to Use an API key
HTTP Requests
Pass the API key in the request headers:SDK Usage
Proxy API
If using the sdk on the client, create a proxy api which appends the key in the headers and then pass that endpoint into thebaseApiUrl parameter. This prevents your key from being leaked while allowing you to set up the necessary protection in your proxy api.
Keeping Your API key Secure
Your API key is sensitive — treat it like a password. It is tied to your account, controls your rate limits, and all requests made with it are attributed to you. Best practices:- Keep it server-side only — never expose it in client-side or frontend code. Use a proxy API if calling Relay from the browser.
- Use environment variables — store your key in environment variables, not hardcoded in source code.
- Don’t commit it to version control — add it to
.gitignoreor use a secrets manager. - Restrict access — only share the key with team members who need it.