This repo hosts a one-click-deploy Cloudflare worker that proxies requests to Dune's Sim APIs. The proxy will allow you to keep your API key hidden from public requests made by clients. You will need both a Sim account and a Cloudflare account to deploy this.
Sim APIs offers 100k monthly API calls and 5 requests per second for free. Cloudflare workers can execute 100k invocations each day for free. Most projects can easily get started within these free tiers.
Press the button below to deploy this to your own Cloudflare account:
Navigate to your newly deployed worker, and click "Settings" and then "Variables":
Add a new variable with the key name SIM_API_KEY and your Sim API key as the value:
NOTE: We recommend selecting "Encrypt". This will hide your key from the UI and API responses, and redact them from logs.
Refresh the page and confirm that your API key is saved and encrypted.
You can now use your worker URL as the base Sim API endpoint in all SDK and client side configurations without leaking your API key.
This implementation is intentionally left in a less-than-ideal security state to facilitate easy deployment by anyone. If you would like to lock down your Sim Proxy further, consider the following steps after you have successfully deployed the worker:
- Update the
Access-Control-Allow-Originheader by adding a new variable with the key nameCORS_ALLOW_ORIGINto contain the host that your requests are coming from (usually your client application). For example, if you wanted to allow requests fromhttps://example.com, you would change the header tohttps://example.com. To support multiple domains, setCORS_ALLOW_ORIGINto a comma separated list of domains (e.g.https://example.com,https://beta.example.com). - Cloudflare Web Application Firewall (WAF) - You can configure the WAF to inspect requests and allow/deny based on your own business logic.