Home Server Search Games Pricing Documentation Use Cases

Authentication & Security

Real-time monitoring for Minecraft, CS2 & Rust

Authentication Methods

Secure API Key Management

Every integration starts with a unique API key. ServerPulse generates cryptographically secure tokens tied to your account tier, ensuring granular access control across all endpoints.

Key Generation & Rotation

Generate keys directly from the developer dashboard. We recommend rotating production keys every 90 days. Use the `X-ServerPulse-Key` header for all authenticated requests.

GET /v2/servers/status
Host: api.serverpulse.io
X-ServerPulse-Key: sk_live_7f8a9b2c3d4e5f6g7h8i9j0k

Secure Storage Practices

Never commit keys to version control. Store them in environment variables or a secrets manager like HashiCorp Vault or AWS Secrets Manager. Restrict file permissions to `600` on Linux systems.

Recommended
Rate Limits & Quotas

Request Throttling by Plan

Our infrastructure enforces strict rate limits to maintain 99.99% uptime across 14,000+ monitored game servers. Limits apply per API key and are reset on a sliding 60-second window.

Starter

100 req/min

Ideal for personal dashboards and single-server monitoring.

  • 10 concurrent WebSocket connections
  • Basic server status polling
  • Standard endpoint access

Professional

1,000 req/min

Built for network operators managing multiple game communities.

  • 50 concurrent WebSocket connections
  • Real-time player event streams
  • Priority queue processing

Enterprise

10,000 req/min

Custom throttling for high-traffic platforms and hosting providers.

  • Unlimited WebSocket connections
  • Dedicated API gateway instance
  • Burst allowance up to 150%
Integration Guidelines

Security Best Practices

Protect your infrastructure and player data with these proven integration standards.

Enforce HTTPS & Certificate Pinning

All API traffic must be routed over TLS 1.3. Implement certificate pinning in mobile or desktop clients to prevent man-in-the-middle attacks. Our endpoints reject all unencrypted HTTP requests with a 403 response.

IP Allowlisting & Webhook Verification

Restrict API key usage to specific server IPs via the dashboard firewall rules. When receiving ServerPulse webhooks, validate the `X-Signature-256` header using your webhook secret before processing payload data.

# Verify webhook signature in Python
import hmac, hashlib
signature = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()

Audit Logs & Anomaly Detection

Enable audit logging in your account settings to track key usage, failed authentications, and endpoint access patterns. ServerPulse automatically flags unusual traffic spikes originating from non-standard regions.

Critical for Compliance

Need automated key rotation or custom rate-limit overrides? Our engineering team provides dedicated integration support for enterprise contracts.