Credential types at a glance
1. Platform login
You authenticate as a user with email/password (or SSO) to access the GoldRush Platform. The Platform is where you:- Configure pipelines through the UI.
- Manage billing and your subscription.
- Create and rotate API keys.
- Create and rotate ServiceKeys.
Vibe Coders
$10/mo - Built for solo builders and AI-native workflows.
Teams
$250/mo - Production-grade with 50 RPS and priority support.
2. API keys (read-only)
A regular GoldRush API key is a read-only programmatic credential. It works against:- Foundational API - REST queries for balances, transactions, NFTs, etc.
- Streaming API - GraphQL/WebSocket subscriptions and queries.
- CLI - all
goldrushcommands. - x402 - pay-per-request proxy.
3. ServiceKeys (Pipeline CRUD)
A ServiceKey is a programmatic credential scoped specifically to pipeline management. Use it to:- List, create, update, pause, resume, and delete pipelines via the REST API.
- Poll status, logs, metrics, and destination health.
- Drive pipeline configuration from CI/CD, infrastructure-as-code, or scripts.
Destination credentials
Destination credentials (database passwords, webhook tokens, S3 access keys) are part of your pipeline configuration, not an authentication mechanism for GoldRush itself. You provide them when creating or updating a pipeline:****** when read back through the REST API. They are never exposed in logs or the UI after being set.
Because secrets read back as
******, never echo them back in a write. Use PATCH to rotate a secret by sending the new value in destination_config.Error handling
For a complete guide to error codes, retry strategies, and debugging tips, see Error Handling & Troubleshooting.
FAQ
-
Can I use the same key for all GoldRush products?
- No. API keys cover the read-only products (Foundational, Streaming, CLI, x402). ServiceKeys cover the Pipeline REST API. Platform login is separate.
-
Where do I create a ServiceKey?
- On the GoldRush Platform, under your account settings. See Service Keys.
-
How are destination credentials stored?
- Encrypted at rest, injected at deploy time, masked as
******on read. They are never exposed in logs or the UI after being set.
- Encrypted at rest, injected at deploy time, masked as
-
Do I need to allowlist GoldRush IP addresses?
- If your destination is behind a firewall, yes. Contact support for the current egress IP list.