API Authentication Guide: Secure Your API Keys and Credentials
Your API key is like a password to your SMM panel account. Lose it, and someone can drain your balance. This guide shows you how to secure it, rotate it, and use it safely.
Step 1: Generate Your API Key
In your CurvePioneer dashboard:
- Go to Settings → API Keys
- Click Generate New Key
- Choose a name (e.g., "Production API")
- Select expiration date (365 days recommended)
- Copy the key immediately (you won't see it again)
⚠️ WARNING: Never share your API key. Never commit it to Git. Never paste it in Slack. If you suspect it's compromised, regenerate it immediately.
Step 2: Store Your Key Safely
❌ Wrong: Hardcode in code
const apiKey = "sk_live_abc123def456";
// DON'T DO THIS - commits to Git, visible in history
✅ Right: Environment variables
# .env.local
SMM_API_KEY=sk_live_abc123def456
# In code:
const apiKey = process.env.SMM_API_KEY;
Step 3: Use the API Securely
Example: Place an Order
curl -X POST https://api.curvepioneer.com/v1/orders \
-H "Authorization: Bearer sk_live_abc123" \
-H "Content-Type: application/json" \
-d '{
"service_id": "instagram_followers",
"link": "https://instagram.com/yourprofile",
"quantity": 100,
"delivery_curve": "organic_24h"
}'API Key Rotation (Best Practice)
Rotate your API key every 90 days to minimize risk:
- Generate a new API key
- Update your application to use the new key
- Test thoroughly
- Deactivate the old key
Rate Limiting & Throttling
The CurvePioneer API has rate limits to protect against abuse:
Rate Limits:
- 100 requests per minute (standard tier)
- 500 requests per minute (premium tier)
- 10,000 requests per hour (enterprise)
If you hit the rate limit, you'll get a 429 response. Wait 60 seconds before retrying.
Pro tip: Batch your requests. Instead of 100 individual API calls, use batch endpoints to create 100 orders in 1 call.