API Rate Limit for APP

Hi,

As I see, there are API rate limits. I suppose that the limit is an IP-based control.

My question is about how I need to use the API key in an Android app. In this app there will be thousands of users, calling from different IPs. So the rate limit will not be working, because they are different IPs. On the other hand, if someone gets the API key from the code (or by sniffing requests), they can force a limit (making thousands of requests per second) and this will block the API key, and my app of course.

What am I forgetting?

If you make web3api requests to your Moralis Server, then you can set a rate limit per IP there, and in that case you don’t use the API key hardcoded in the application.

When you say “your Moralis Server”, are you saying that I need to create a backend app on my server as a proxy between Moralis and my app? And then, in this proxy server, I can control the IP requests with my own rate limit config and implementation?

You shouldn’t put the API key in the frontend.
You can use the SDK to query the API without an API key: https://docs.moralis.io/moralis-server/web3-sdk

And you can set rate limits depending on whether the user is authed or not: https://docs.moralis.io/moralis-server/web3-sdk/rate-limit

Hope it helps!
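
The arrangement the replies describe (key held on the backend, limits applied per caller, looser for authed users), as an added example that is not part of the thread and is not Moralis code. The class and function names, the limit values, the upstream URL and the header name are all assumptions, and the IPs in any sample request are constructed.

```javascript
// Added example. Limits, UPSTREAM and KEY_HEADER are assumed placeholder values.
const UPSTREAM = 'https://upstream.example/api';
const KEY_HEADER = 'X-API-Key';
const LIMITS = {
  anonymous: { max: 5, windowMs: 60000 },
  authenticated: { max: 20, windowMs: 60000 },
};

class ProxyRateLimiter {
  constructor(limits = LIMITS) {
    this.limits = limits;
    this.buckets = new Map(); // key -> { count, resetAt }
  }

  // req.userId must come from a verified session and req.ip from the socket
  // or a trusted reverse proxy, never from a header the client controls.
  check(req, now = Date.now()) {
    const tier = req.userId ? 'authenticated' : 'anonymous';
    const key = req.userId ? `user:${req.userId}` : `ip:${req.ip}`;
    const { max, windowMs } = this.limits[tier];
    let bucket = this.buckets.get(key);
    if (!bucket || now >= bucket.resetAt) {
      bucket = { count: 0, resetAt: now + windowMs }; // start a new fixed window
      this.buckets.set(key, bucket);
    }
    if (bucket.count >= max) {
      return { allowed: false, retryAfterMs: bucket.resetAt - now };
    }
    bucket.count += 1;
    return { allowed: true, remaining: max - bucket.count };
  }

  // Drop expired windows so a flood of distinct IPs cannot grow the map forever.
  sweep(now = Date.now()) {
    for (const [key, bucket] of this.buckets) {
      if (now >= bucket.resetAt) this.buckets.delete(key);
    }
    return this.buckets.size;
  }
}

// Decide one app request. The API key is attached here, server-side only;
// the caller sends `forward` upstream and relays the response body to the app.
function handle(req, limiter, apiKey, now) {
  const verdict = limiter.check(req, now);
  if (!verdict.allowed) return { status: 429, retryAfterMs: verdict.retryAfterMs };
  const headers = { [KEY_HEADER]: apiKey };
  return { status: 200, forward: { url: UPSTREAM + req.path, headers } };
}
```

With this shape, one abusive client exhausts only its own window, and the upstream key is never shipped inside the Android package or sent over the app's connection.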