Authentication
API keys, wallet-bound keys via MetaMask signature, and machine identity via HTTP 402.
Satelink has three ways to identify a caller, in increasing order of capability. None of them require a password or an email.
1. Anonymous (free tier)
No credentials at all. The gateway meters by source IP: 500 calls/day per IP, also capped per /24 subnet. Exceeding the limit returns HTTP 402 with machine-readable onboarding instructions.
2. API key
Create a key with one HTTP call (see Quick Start) and send it on every request:
X-API-Key: sk_free_...
Keys are the billing identity: usage, spend, and credit balance attach to the key. The full key string is shown once at creation and stored hashed.
3. Wallet-bound key (MetaMask sign-to-create)
In the developer console, connect MetaMask and sign a single message — no transaction, no gas. This creates an API key bound to your wallet address, which means:
- USDT deposits from that wallet credit your key automatically. The deposit listener matches the sending address on-chain.
- The console warns you before depositing from a wallet that doesn't match a registered key, and blocks deposits from the wrong network (anything other than Polygon PoS 137).
Machine identity (HTTP 402)
Autonomous machines register through POST /v1/machine/register — typically
driven by the self-contained HTTP 402 response body they receive when
unauthenticated. The body includes the registration endpoint, deposit
calldata, the real minimum deposit, and working example requests. Details:
Machine Customers.
What we never ask for
- No passwords, no OAuth, no KYC for API usage.
- Your wallet's private keys never leave your wallet — key binding uses a signature, deposits are transactions you send yourself.