HookOS RPC
Authenticated, multi-chain EVM JSON-RPC backed by HookOS's own self-hosted nodes. This is the developer reference for calling the live service: how to get a key, the endpoint format, per-chain availability, code examples, rate limits, and error handling.
§01What HookOS RPC is
HookOS RPC is a key-gated, rate-limited JSON-RPC gateway for EVM chains. Every request is authenticated against an API key you create in the dashboard, routed to a HookOS-operated node, and served with shared, reorg-aware caching.
What makes it different:
- Self-hosted nodes, data sovereignty. Requests are served by nodes HookOS runs on its own hardware — not resold third-party infrastructure. Your traffic and access patterns stay inside HookOS's control plane.
- Multi-chain from one surface. One base URL, one key format; you select the chain with a numeric chain id in the path.
- Flat, predictable pricing. Fixed monthly tiers with a request-rate ceiling per tier (see Rate limits & tiers). No per-request surprises inside your tier's ceiling.
- Safe method surface. Node-admin, signing, and debug namespaces are blocked at the gateway (see Method support & restrictions).
§02Getting an API key
- Go to app.hookos.cloud and sign in.
- Open API Keys.
- Click Create key.
- Copy the key immediately — it is shown once. It is not retrievable later; if you lose it, delete the key and create a new one.
Keys look like hk_live_…. Treat a key as a secret: it grants billed access to your account. Prefer server-side use and the header form of auth (below) so the key never lands in URLs, browser history, or proxy logs.
Sign-up may be invite-only during the current rollout. If you cannot create an account, reach out via @hookosfun.
You can create multiple keys, disable a key instantly, or move a key between tiers from the dashboard. A tier or enable/disable change can take up to ~30 seconds to take effect at the gateway (validated keys are briefly cached).
§03Endpoint & authentication
Endpoint format
https://rpc.hookos.cloud/public/evm/<chainId>
publicis the fixed project id — it is a literal path segment, not your key. Every customer request usespublic.<chainId>is the numeric chain id of the target chain, e.g. Base =8453.
Example (Base): https://rpc.hookos.cloud/public/evm/8453
All calls are standard JSON-RPC 2.0 over HTTP POST with Content-Type: application/json.
Authentication
Send your API key one of two ways. The header form is preferred — it keeps the key out of URLs and server logs.
| Method | How | Notes |
|---|---|---|
| Header (preferred) | X-ERPC-Secret-Token: <API_KEY> | Key never appears in the URL. |
| Query string | ?secret=<API_KEY> | Convenient for quick tests; the key is visible in the URL and may be logged by intermediaries. |
Both forms authenticate against the same key store. Do not put the key in the URL path — the path segment is the project id (public), and a key placed there will 404.
§04Supported chains
Only chains marked Live are callable today. "Coming soon" chains are planned and appear in the dashboard, but do not yet have a deployed node — calling them will not return chain data.
| Chain | Chain ID | Path | Status |
|---|---|---|---|
| Base Mainnet | 8453 | /public/evm/8453 | Live |
| BNB Smart Chain (BSC) | 56 | /public/evm/56 | Coming soon |
| HyperEVM | 999 | /public/evm/999 | Coming soon |
| Unichain | 130 | /public/evm/130 | Coming soon |
| Ink | 57073 | /public/evm/57073 | Coming soon |
| X Layer | 196 | /public/evm/196 | Coming soon |
| Ethereum Mainnet | 1 | /public/evm/1 | Coming soon |
| MegaETH | 4326 | /public/evm/4326 | Coming soon |
Chain ids for "coming soon" chains are the conventional mainnet values and are subject to confirmation when the node is deployed. Base (8453) is verified against the live node.
§05Rate limits & tiers
Each API key is assigned a tier. The tier sets a per-key requests-per-second (RPS) ceiling, enforced at the gateway across all gateway replicas (the counter is shared, so the limit is global, not per-connection). Exceeding it returns HTTP 429.
| Tier | Base price | Requests/sec (per key) |
|---|---|---|
| Free | $0 | 25 |
| Developer | $49 / mo | 100 |
| Business | $199 / mo | 400 |
| Enterprise | Custom | Negotiated (higher) |
Notes:
- The RPS ceiling is per key, counted per second. Bursting above it trips
429for the requests over the limit; retry with backoff. - Tiers also differ on monthly usage allowances, key/project counts, and access to heavier method classes (e.g. archive/trace) — see the dashboard for the current plan matrix. Archive/trace method availability is on the roadmap and not guaranteed on the live service today (see §07).
- If your workload needs a higher sustained rate than Business, contact us about Enterprise.
Pricing is being finalized. The tier prices and allowances above are the current published plan. The gateway internally enforces named rate budgets; the Business ceiling in particular is still being reconciled between the plan sheet and the gateway budget config. Treat the RPS numbers as authoritative for what the gateway enforces per tier, and confirm current pricing in the dashboard before relying on it.
§06Code examples
All examples target Base (chainId 8453) using the preferred header auth. Replace hk_live_xxx with your key.
curl
eth_blockNumber (latest block height):
curl -s -X POST 'https://rpc.hookos.cloud/public/evm/8453' \
-H 'content-type: application/json' \
-H 'X-ERPC-Secret-Token: hk_live_xxx' \
-d '{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}'
eth_getBalance:
curl -s -X POST 'https://rpc.hookos.cloud/public/evm/8453' \
-H 'content-type: application/json' \
-H 'X-ERPC-Secret-Token: hk_live_xxx' \
-d '{"jsonrpc":"2.0","id":1,"method":"eth_getBalance","params":["0x4200000000000000000000000000000000000006","latest"]}'
eth_call (read a contract — here symbol() on WETH, selector 0x95d89b41):
curl -s -X POST 'https://rpc.hookos.cloud/public/evm/8453' \
-H 'content-type: application/json' \
-H 'X-ERPC-Secret-Token: hk_live_xxx' \
-d '{"jsonrpc":"2.0","id":1,"method":"eth_call","params":[{"to":"0x4200000000000000000000000000000000000006","data":"0x95d89b41"},"latest"]}'
eth_getLogs (bounded block range — always cap the range):
curl -s -X POST 'https://rpc.hookos.cloud/public/evm/8453' \
-H 'content-type: application/json' \
-H 'X-ERPC-Secret-Token: hk_live_xxx' \
-d '{"jsonrpc":"2.0","id":1,"method":"eth_getLogs","params":[{"fromBlock":"0x1500000","toBlock":"0x1500064","address":"0x4200000000000000000000000000000000000006"}]}'
eth_getLogs over a large or unbounded range is expensive and may time out. Keep ranges small and paginate.
ethers v6 (JavaScript / TypeScript)
Set the auth header on the transport with FetchRequest:
import { ethers, FetchRequest } from "ethers";
const req = new FetchRequest("https://rpc.hookos.cloud/public/evm/8453");
req.setHeader("X-ERPC-Secret-Token", "hk_live_xxx");
const provider = new ethers.JsonRpcProvider(req, 8453, { staticNetwork: true });
const block = await provider.getBlockNumber();
const balance = await provider.getBalance(
"0x4200000000000000000000000000000000000006"
);
console.log(block, ethers.formatEther(balance));
viem (JavaScript / TypeScript)
Pass the header via the transport's fetchOptions:
import { createPublicClient, http } from "viem";
import { base } from "viem/chains";
const client = createPublicClient({
chain: base,
transport: http("https://rpc.hookos.cloud/public/evm/8453", {
fetchOptions: {
headers: { "X-ERPC-Secret-Token": "hk_live_xxx" },
},
}),
});
const block = await client.getBlockNumber();
const balance = await client.getBalance({
address: "0x4200000000000000000000000000000000000006",
});
console.log(block, balance);
web3.py (Python)
from web3 import Web3
w3 = Web3(Web3.HTTPProvider(
"https://rpc.hookos.cloud/public/evm/8453",
request_kwargs={"headers": {"X-ERPC-Secret-Token": "hk_live_xxx"}},
))
print(w3.eth.block_number)
print(w3.eth.get_balance("0x4200000000000000000000000000000000000006"))
web3.js (JavaScript / TypeScript)
web3.js v4 accepts custom headers on the HTTP provider config:
import { Web3 } from "web3";
const web3 = new Web3(
new Web3.providers.HttpProvider("https://rpc.hookos.cloud/public/evm/8453", {
providerOptions: {
headers: { "X-ERPC-Secret-Token": "hk_live_xxx" },
},
})
);
console.log(await web3.eth.getBlockNumber());
console.log(
await web3.eth.getBalance("0x4200000000000000000000000000000000000006")
);
If your client library makes header injection awkward, you can fall back to the query form: https://rpc.hookos.cloud/public/evm/8453?secret=hk_live_xxx. Be aware the key is then visible in the URL.
§07Method support & restrictions
HookOS RPC serves the standard EVM read and transaction-submission methods (eth_*, net_*, web3_*), including eth_call, eth_getLogs, eth_getBalance, eth_sendRawTransaction, and the block/transaction/receipt getters.
Denied at the gateway. The following namespaces are blocked on every upstream and will not be served — they cover node administration, signing, and debug/internal surfaces that must never be exposed to customers:
| Denied namespace | Examples |
|---|---|
admin_* | admin_addPeer, admin_nodeInfo |
debug_* | debug_traceTransaction, debug_traceBlockByNumber |
engine_* | consensus-layer engine API |
miner_* | miner_start, miner_setEtherbase |
personal_* | personal_sign, personal_unlockAccount |
txpool_* | txpool_content, txpool_status |
les_* | light-client server methods |
Calling a denied method returns a JSON-RPC error rather than node data.
Archive & trace. Archive-grade state and trace_* / debug_* tracing are on the roadmap and are not guaranteed on the live service today (debug_* and trace_* are currently in the deny list above). Do not build against them yet; watch the dashboard for availability and tier gating.
§08Errors
HTTP-level
| HTTP status | Meaning | What to do |
|---|---|---|
| 200 | Success. The body is a JSON-RPC response (which may itself contain an error). | Inspect the JSON-RPC result/error. |
| 401 | Missing, invalid, or disabled API key. | Check the header/query key; confirm the key is active in the dashboard. Note the key store fails closed, so a backend hiccup can also surface as 401 — retry, then contact support if it persists. |
| 429 | Rate limit exceeded for your key's tier. | Back off and retry; reduce request rate or upgrade tier. |
JSON-RPC errors
Successful HTTP requests can still return a standard JSON-RPC 2.0 error object:
{
"jsonrpc": "2.0",
"id": 1,
"error": { "code": -32600, "message": "..." }
}
Common cases: -32700 parse error, -32600 invalid request, -32601 method not found (including denied namespaces), -32602 invalid params, -32603 internal error, and -32000-range server errors (e.g. execution reverted, timeout). Always check for an error field even on HTTP 200.
§09Best practices
- Use header auth (
X-ERPC-Secret-Token) and keep keys server-side. - Rotate keys you suspect are exposed — disable/recreate from the dashboard.
- Handle 429 with backoff (exponential + jitter); stay under your tier RPS.
- Bound
eth_getLogsranges and paginate large scans. - Cache-friendly by design: finalized data is cached indefinitely at the gateway, so repeated historical reads are cheap; head/realtime data has a short TTL and reflects reorgs.
§10Links
- Dashboard / keys: app.hookos.cloud
- RPC base URL:
https://rpc.hookos.cloud - Support / updates: @hookosfun