Best Practices

​

Secure API Key Management

Your Crossmint API key is very powerful. It allows you to mint new NFTs, and also to edit them.

To prevent malicious agents from compromising your project:

• Never share these keys with others or using non encrypted channels.
• Never commit these keys in code that is saved to version control, like Git. Instead, use environment variables.
• Never use these keys from the client side / frontend of your website. These keys should only be used from the server side.

​

Choosing the right media

Pay special attention to the format and encoding you use for your media files, to ensure your users can view their NFT with high quality even in low bandwidth environments. Consider the following:

1. Choose an efficient file format: Crossmint recommends PNG or WEBP for images, and MP4 for video.
2. Find the right balance between media quality and loading speed.
   • Pick the lowest resolution that fits your use case: 1024x1024 looks crisp on mobile. For desktop, you can increase it by a factor of 2 or 3 without compromising speed notably.
   • Optimize the file size: If your audience is mobile, aim for up to 300KB for images, and 5MB for video.

​

Ensure your metadata follows industry standards

Follow the metadata standards to ensure compatibility with marketplaces, wallets, and other apps.

For more detail, read the metadata guide. You can create test NFTs in staging to verify they function properly with other applications.

​

Validate on staging before deploying on mainnet

It is best practice to test everything on a testnet before moving to production. You can access all the tools from the staging console, and read more about the differences between staging and production here.

​

Protect against bots 🤖

It’s common for free NFT claims to get abused by automated scripting and bots. Crossmint offers additional protection vs doing your own contract, as mints can only happen when calling via the mint API (i.e. a bot can’t mint directly submitting transactions onchain).