Skip to main content
All API requests require the Api-Access-Key header.
Some endpoints also require:
For how permission groups, keys, and signatures work together, see API setup and Request signing.

How authentication works

API authentication has three layers. Every request needs all the layers that apply to the endpoint you’re calling.

Permissions

A permission group defines which vaults a key can access and what operations it can perform.

API key

An access key identifies the caller and is required on every request.

Signature

An Ed25519 signature authorizes sensitive endpoints, such as withdrawals.