Access & Authentication

HighTower uses IP allowlisting instead of API keys. Your endpoint only accepts traffic from IP addresses we've explicitly added to the allowlist — no headers, no tokens.

How to Get Access

  1. Fill out the request form on our website
  2. We reach out within 8 hours, ask for your IPv4 address(es), and add them to the allowlist
  3. We provision your endpoint and send you a URL like http://cute-rabbit.by.supanode.xyz:8899/ — plug it into your app and go

Managing Your IP Allowlist

  • You can have multiple IPs per endpoint (useful for distributed setups or failover)
  • To add or change an IP — submit the form again or reach out to your account contact
  • Allowlist changes propagate within minutes, occasionally up to 2 hours

No Other Auth Methods

There are no API keys, JWT tokens, or header-based auth. If a request comes from an IP that's not on the allowlist, it gets a 401 or 403.

For dedicated deployments, we can discuss alternative auth setups (e.g., mTLS) if your architecture requires it — just mention it in your request form.

TLS Status

Current shared-tier endpoints operate over plain HTTP/WS (no TLS). Your on-chain transaction signatures are cryptographically secured regardless of transport layer, but connection metadata (endpoint URL, IP) travels unencrypted. Dedicated nodes can be set up with HTTPS/WSS — see Dedicated Servers.

IntroductionShared Servers