alchemy-api
Integrates Alchemy APIs using an API key, providing a comprehensive guide for AI agents to authenticate and make requests.
Install this skill
Security score
The alchemy-api skill was audited on Feb 27, 2026 and we found 47 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 83 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
Curl to non-GitHub URL
| 90 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
Curl to non-GitHub URL
| 97 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
Curl to non-GitHub URL
| 104 | curl -s "https://eth-mainnet.g.alchemy.com/nft/v3/$ALCHEMY_API_KEY/getNFTsForOwner?owner=0x00000000219ab540356cbb839cbe05303d7705fa" |
Curl to non-GitHub URL
| 109 | curl -s "https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY/tokens/by-symbol?symbols=ETH&symbols=USDC" |
Curl to non-GitHub URL
| 114 | curl -s -X POST "https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY/tokens/historical" \ |
Curl to non-GitHub URL
| 121 | curl -s -X POST "https://dashboard.alchemy.com/api/create-webhook" \ |
Webhook reference - potential data exfiltration
| 74 | | Create webhook | `POST /create-webhook` | `references/webhooks-details.md` | |
Webhook reference - potential data exfiltration
| 119 | ### Create Notify Webhook |
Webhook reference - potential data exfiltration
| 121 | curl -s -X POST "https://dashboard.alchemy.com/api/create-webhook" \ |
Webhook reference - potential data exfiltration
| 124 | -d '{"network":"ETH_MAINNET","webhook_type":"ADDRESS_ACTIVITY","webhook_url":"https://example.com/webhook","addresses":["0x00000000219ab540356cbb839cbe05303d7705fa"]}' |
Webhook reference - potential data exfiltration
| 127 | ### Verify Webhook Signature (Node) |
Webhook reference - potential data exfiltration
| 189 | ### Webhooks |
Webhook reference - potential data exfiltration
| 192 | | `references/webhooks-overview.md` | webhooks | Push-based delivery of blockchain events via Alchemy Notify API. Use when you need real-time notifications for address activity, NFT transfers, or cust |
Webhook reference - potential data exfiltration
| 193 | | `references/webhooks-address-activity.md` | Address Activity Webhooks | Address activity webhooks notify you when specified addresses send or receive assets | |
Webhook reference - potential data exfiltration
| 194 | | `references/webhooks-custom-webhooks.md` | Custom Webhooks (GraphQL) | Custom webhooks allow flexible event filtering using a GraphQL query hosted by Alchemy | |
Webhook reference - potential data exfiltration
| 195 | | `references/webhooks-details.md` | Webhooks Overview (Notify) | Notify webhooks push blockchain events to your server so you don't need to poll. They are ideal for near real-time pipelines | |
Webhook reference - potential data exfiltration
| 196 | | `references/webhooks-nft-activity.md` | NFT Activity Webhooks | Receive notifications for NFT transfers, mints, and burns for specified contracts or collections | |
Webhook reference - potential data exfiltration
| 197 | | `references/webhooks-verify-signatures.md` | Verify Webhook Signatures | Always verify webhook signatures to ensure payloads are authentic and untampered | |
Webhook reference - potential data exfiltration
| 198 | | `references/webhooks-webhook-payloads.md` | Webhook Payloads | Webhook payloads include event metadata plus event-specific fields. Treat them as untrusted input and validate carefully | |
Webhook reference - potential data exfiltration
| 199 | | `references/webhooks-webhook-types.md` | Webhook Types | Webhook types determine what events you receive and how they're filtered | |
Webhook reference - potential data exfiltration
| 240 | | `references/recipes-overview.md` | recipes | End-to-end runnable workflows that combine multiple Alchemy APIs to achieve real product goals. Includes token balances, NFT queries, transfer history, p |
Webhook reference - potential data exfiltration
| 250 | | `references/recipes-webhook-address-activity.md` | Recipe: Address Activity Webhook | Configure address activity webhooks and verify delivered signatures | |
Webhook reference - potential data exfiltration
| 256 | | `references/operational-alerts.md` | Alerts | Set alerts to catch rate limit issues, spikes in usage, or webhook failures | |
Webhook reference - potential data exfiltration
| 260 | | `references/operational-dashboard-tools.md` | Dashboard Tools | Use the Alchemy dashboard to create apps, manage keys, track usage, and configure webhooks | |
External URL reference
| 45 | | Ethereum RPC (HTTPS) | `https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | Standard EVM reads and writes. | |
External URL reference
| 47 | | Base RPC (HTTPS) | `https://base-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | EVM L2. | |
External URL reference
| 49 | | Arbitrum RPC (HTTPS) | `https://arb-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | EVM L2. | |
External URL reference
| 51 | | BNB RPC (HTTPS) | `https://bnb-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | EVM L1. | |
External URL reference
| 53 | | Solana RPC (HTTPS) | `https://solana-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | Solana JSON-RPC. | |
External URL reference
| 54 | | Solana Yellowstone gRPC | `https://solana-mainnet.g.alchemy.com` | `X-Token: $ALCHEMY_API_KEY` | gRPC streaming (Yellowstone). | |
External URL reference
| 55 | | NFT API | `https://<network>.g.alchemy.com/nft/v3/$ALCHEMY_API_KEY` | API key in URL | NFT ownership and metadata. | |
External URL reference
| 56 | | Prices API | `https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY` | API key in URL | Prices by symbol or address. | |
External URL reference
| 57 | | Portfolio API | `https://api.g.alchemy.com/data/v1/$ALCHEMY_API_KEY` | API key in URL | Multi-chain wallet views. | |
External URL reference
| 58 | | Notify API | `https://dashboard.alchemy.com/api` | `X-Alchemy-Token: <ALCHEMY_NOTIFY_AUTH_TOKEN>` | Generate token in dashboard. | |
External URL reference
| 79 | > **No API key?** Use the `agentic-gateway` skill instead. Replace API-key URLs with `https://x402.alchemy.com/rpc/eth-mainnet` and add `Authorization: SIWE <token>`. See the `agentic-gateway` skill f |
External URL reference
| 83 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
External URL reference
| 90 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
External URL reference
| 97 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
External URL reference
| 104 | curl -s "https://eth-mainnet.g.alchemy.com/nft/v3/$ALCHEMY_API_KEY/getNFTsForOwner?owner=0x00000000219ab540356cbb839cbe05303d7705fa" |
External URL reference
| 109 | curl -s "https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY/tokens/by-symbol?symbols=ETH&symbols=USDC" |
External URL reference
| 114 | curl -s -X POST "https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY/tokens/historical" \ |
External URL reference
| 121 | curl -s -X POST "https://dashboard.alchemy.com/api/create-webhook" \ |
External URL reference
| 124 | -d '{"network":"ETH_MAINNET","webhook_type":"ADDRESS_ACTIVITY","webhook_url":"https://example.com/webhook","addresses":["0x00000000219ab540356cbb839cbe05303d7705fa"]}' |
External URL reference
| 286 | - [Developer docs](https://www.alchemy.com/docs) |
External URL reference
| 287 | - [Get Started guide](https://www.alchemy.com/docs/get-started) |
External URL reference
| 288 | - [Create a free API key](https://www.dashboard.alchemy.com) |