Authentication
How access works on Supanode: manual provisioning over Telegram, IP allowlist for Bundle (RPC/WebSocket/gRPC), x-token for Indexer, IP:Port for Shreds, tip for Sender.
// updated 2026-06-04
There are no API keys to generate and no self-serve dashboard. Access is provisioned manually — you tell us what you need on Telegram (@supanode_tgs) and Supanode sets up your authorization directly.
Provisioning is manual. Subscriptions, IP allowlisting, and credentials are arranged over Telegram. There is no sign-up flow or dashboard in v1.
Authorization model by product
| Product | Authorization |
|---|---|
| Bundle (RPC, WebSocket, gRPC) | IP allowlist — 1 IP per subscription |
| Indexer | x-token + database credentials (issued on provisioning) |
| Raw Shreds | IP:Port destination (Supanode pushes UDP to your endpoint) |
| Sender | Open access — the tip on the transaction is the gate |
| Decoded Shreds | TBD — product is coming soon |
| Dedicated Node | Custom — arranged on provisioning |
Bundle — IP allowlist
For RPC, WebSocket, and gRPC, your server's public IP must be on the allowlist for your subscription. There is no token in headers or query params — authorization is purely by source IP.
When you start a Bundle subscription you give us the public IP that will make requests (over Telegram). Supanode registers it. Requests from any other IP are rejected.
One IP per subscription. To change the registered IP during your subscription, message us on Telegram — the new IP replaces the old one.
Connecting
# RPC
curl http://fra.supanode.xyz:8899 \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","id":1,"method":"getSlot"}'
# WebSocket
wscat -c wss://fra.supanode.xyz:8900
# gRPC
grpcurl fra.supanode.xyz:10013 geyser.Geyser/GetVersion
Exact endpoints are confirmed on provisioning. Requests succeed only from an allowlisted IP.
Indexer — x-token
- 1Request access
Message us on Telegram: @supanode_tgs.
- 2Supanode provisions
You receive an
x-tokenplus a database username and password. - 3Pass on every query
Include the
x-tokenheader on every request.
See Indexer Access for connection details.
Raw Shreds — IP:Port destination
Raw Shreds is a UDP push. There is no auth header from your side — you tell us where to send the stream, and Supanode sends only to that destination. You give us the IP:Port on provisioning; you can change it during the subscription over Telegram.
Sender — open access
Sender does not use API tokens. The tip on every transaction is the gate — a System Program transfer of at least 1,000,000 lamports (0.001 SOL) to one of Supanode's tip accounts. Without a valid tip, the transaction is rejected.
Dedicated Node — custom
Dedicated Node authorization is arranged individually on provisioning.
Operational notes
- Everything runs through Telegram. Onboarding, IP changes, credentials, and refunds: @supanode_tgs.
- Your IP must be public and stable. NAT, dynamic IPs, and CGNAT can break the allowlist. Production cloud servers (AWS / Hetzner / OVH) work as expected.
See also
First request in 5 minutes.
All Bundle plans and add-ons.
Duration slider, upgrades, payment.