Web RPC Gateway · dApp Gateway

Abuse-resistantRPC for the Web.

Your dApp's RPC URL is in every visitor's dev tools. Today, anyone can scrape it and use it from anywhere — your quota, their workload. The Web RPC Gateway serves only your real users from real browsers. Scrapers, bots, and scripts pointed at the same URL get denied.

Get a free Web RPC Gateway URLRead the docs
Setup

One line of config.

import { Connection } from '@solana/web3.js';

// before — your RPC key shipped in the browser bundle
// const conn = new Connection('https://your-rpc.example.com/<your-key>');

// after — clean URL, no secret embedded
const conn = new Connection('https://www-rpc.venum.dev/v1/<your-id>');

const slot = await conn.getSlot();
// every standard Solana RPC method works as-is

Sign in at app.venum.dev, copy your Web RPC URL from the dashboard, paste into your dApp. That's the change.

What you get
◆ ABUSE-RESISTANT

Only your real users can use it

Scrapers, scripts, and bots pointing at your Web RPC Gateway URL get denied. Your dApp's quota stops being a free buffet for anyone who opens dev tools.

◆ NO SECRET IN BUNDLE

Nothing to leak from your client JS

View Source on most Solana dApps reveals an RPC API key one click away. The Web RPC Gateway URL contains no secret — there's nothing reusable to copy.

◆ DROP-IN

web3.js works as-is

Same JSON-RPC contract as any Solana RPC. Replace your existing URL string and you're done — no SDK swap, no extra client code.

◆ PLUG YOUR OWN RPC · PAID

Secure your existing RPC against abuse and bots

Already paying Triton, Helius, or QuickNode? On Starter or Pro, forward the gateway to your own URL — we filter the traffic before it reaches your upstream. Your bandwidth, our protection.

◆ FREE DURING BETA

Sign in, copy URL, ship

Every Venum account gets a Web RPC Gateway URL today. Paid tiers (custom domain, higher limits, plug-your-own-RPC) shortly after.

Plug your own RPC Paid tier

Secure your existing RPC against abuse and bots.

Already paying Triton, Helius, QuickNode, or running your own validator? Keep it. Forward the Web RPC Gateway to your own URL — every request that lands on your upstream has already cleared our abuse filters. Your dApp keeps the clean public URL. Your provider keeps your bandwidth.

▶ STAY WHERE YOU ARE

Any JSON-RPC URL works

Triton, Helius, QuickNode, Alchemy, your own validator. Paste the URL — we don't care who's behind it.

▶ NEVER ECHOED BACK

Server-side only storage

Your URL stays in our database. The dashboard sees a connected flag, not the URL. Disconnect any time.

▶ FILTER FIRST, FORWARD SECOND

Bots stop here, not at your bill

Abusive traffic gets denied before we touch your upstream. You pay for real users.

See paid tiersRead the docs
Two endpoints, one for each job

Right URL for the right caller.

Web RPC is sized for browser traffic from real end-users. Server-side and scripted access goes through the free Solana RPC instead — pointing the wrong client at the wrong URL just yields a clear 403 with the right hint.

Web RPC Gateway
www-rpc.venum.dev/v1/<id>
dApp frontend — browser traffic only

No key in bundle. Abuse-resistant by design.

Learn more →
Free Solana RPC
rpc.venum.dev
Server-side, scripts, bots, CI

API-key gated. Drop-in for any Solana RPC URL.

Learn more →
FAQ

Common questions.

How is the Web RPC Gateway abuse-resistant?+

Each gateway URL is scoped to your dApp. Calls that don't look like real users on your site are denied at the edge — scrapers, scripted curl traffic, and dev-tools replays don't pass. The full denial logic stays opaque so it can't be probed and bypassed.

Do my users need a Venum account?+

No. Your users hit your dApp normally. The gateway URL is the only thing in your client bundle, and it has no secret in it — you ship it the same way you ship a public RPC URL today.

Will my existing web3.js code keep working?+

Yes. The gateway speaks standard Solana JSON-RPC. Replace your current RPC URL with `https://www-rpc.venum.dev/v1/<your-id>` in your `Connection` constructor and ship — no SDK changes, no extra client code.

Can I keep using my existing RPC provider behind the gateway?+

Yes — that's the BYOK (bring-your-own RPC) mode on Starter and Pro. Configure your Triton, Helius, or QuickNode URL as the upstream and we filter out abusive traffic before it ever reaches your account. You keep your provider relationship; we keep the bots out of your bandwidth.

How do I lock the gateway to specific dApp domains?+

In your dashboard at app.venum.dev, set an Origin allowlist on your gateway. Only browser requests originating from those domains will be accepted; everything else gets a 403. Useful when you have one production dApp domain and want to block forks of your frontend hosted elsewhere.

What's the difference vs the regular Solana RPC at rpc.venum.dev?+

Regular RPC at `rpc.venum.dev` is API-key gated — meant for your server, scripts, bots, and CI. The Web RPC Gateway at `www-rpc.venum.dev` has no key and is meant for your dApp frontend, where any "secret" you ship would be public anyway. Use the right one for the right surface.

Ship a dApp with no leaked key.

30 seconds: sign in, copy your Web RPC URL, paste into your Connection. Free during beta.

Get a free Web RPC Gateway URLRead the Web RPC docs