Access & Authentication

HighTower uses IP allowlisting instead of API keys. Your endpoint only accepts traffic from IP addresses we've explicitly added to the allowlist — no headers, no tokens.

How to Get Access

  1. Open a ticket in Discord (#service-ticket)
  2. Send us your IPv4 address(es)
  3. We provision an endpoint and allowlist your IPs
  4. You get a URL like http://cute-rabbit.by.supanode.xyz:8899/ — plug it into your app and go

The whole process usually takes from several minutes to a couple of hours.

Managing Your IP Allowlist

  • You can have multiple IPs per endpoint (useful for distributed setups or failover)
  • To add or change an IP — reply to your existing ticket or open a new one
  • Allowlist changes propagate within minutes, occasionally up to 2 hours

No Other Auth Methods

There are no API keys, JWT tokens, or header-based auth. If a request comes from an IP that's not on the allowlist, it gets a 401 or 403.

For dedicated deployments, we can discuss alternative auth setups (e.g., mTLS) if your architecture requires it — just bring it up in the ticket.

TLS Status

Current shared-tier endpoints operate over plain HTTP/WS (no TLS). Your on-chain transaction signatures are cryptographically secured regardless of transport layer, but connection metadata (endpoint URL, IP) travels unencrypted. Dedicated nodes can be set up with HTTPS/WSS — see Dedicated Servers.

IntroductionShared Servers