Skip to main content

Create an API Key

Before using the API or deploying the API Co-Signer, you need to create an API Key. This tutorial walks you through the API Key creation process, including configuration options and important considerations.

In this tutorial, you will learn:

  1. The different use cases for API Keys
  2. How to create an API Key for each use case

API Key Use Cases

API Keys are categorized by usage and cannot be shared or reused across use cases:

  • Access API: Used to access Safeheron's open API. View API Docs
  • Deploy the API Co-Signer: Used for deploying the API Co-Signer, enabling automatic approval and signing. The API Co-signer feature is available only for Standard and higher-tier plans. It is not included in the Starter Plan. See pricing details.

Prerequisites

Log in to the Safeheron Console with an account that has Manage APIs permission. Go to Setting > API in the left sidebar to open the API Key list.

Create an API Key for 「Access API」

Click "Create API Key", and configure the following on the Add API Key page:

  1. For: Select Access API.

  2. Name: Set a recognizable name for the API Key.

  3. Public Key: Upload your RSA public key. Safeheron will use it to verify the signature of your requests and encrypt the response data.

    caution

    Make sure to generate your key pair in a secure environment. Store your private key safely to avoid the risk of asset loss.

  4. IP whitelist: Specify allowed outbound IP addresses (supports IPv4/IPv6). Requests from non-whitelisted IPs will be rejected with error code 1011.

    tip

    For testing purposes, you may disable IP whitelisting to allow requests from any IP.

  5. Permissions: Choose permissions based on your business scenario. We recommend following the principle of least privilege.

    PermissionDescription
    ReadDefault permission for accessing read-only APIs (e.g., wallet/account queries)
    Create/Cancel transactions (from wallet account created by API)Enables submitting transactions using wallet accounts created via API
    Create/Cancel Transactions (from wallet account created on the platform)Enables submitting transactions using accounts created in the Web Console or Mobile App
    Manage wallet accountsAccess to wallet account management APIs (e.g., add token, update display status)
    Manage whitelistsAccess to whitelist management APIs (e.g., add/modify/delete whitelist addresses)
  6. Submit for approval: Click Submit for approval. The approval task will be pushed to team members via the mobile app. The API Key becomes effective once approved.

  7. Retrieve Platform Public Key: In the API Key list, click View under the Public Key column to retrieve the platform public key. This key is used to encrypt API request parameters and verify response signatures.

  8. Done

Create an API Key for 「Deploy the API Co-Signer」

Click "Create API Key", and configure the following on the Add API Key page:

  1. For: Select Deploy the API Co-Signer.

  2. Name: Set a recognizable name for the API Key.

  3. IP whitelist: Enter the outbound IP address of the server where the API Co-Signer is deployed. Otherwise, the API Co-Signer will not function correctly.

  4. Callback:

    • URL: Enter the callback URL of your Approval Callback Service
    • Public Key: Upload the RSA public key of your Callback Service
    • Skip callback configuration (only supported for test teams): If enabled, the callback URL and public key can be skipped. The API Co-Signer will auto-approve all requests without any callback. For security reasons, this is only allowed in testing environments and is not supported for production.
  5. Submit for approval: Click Submit for approval. The API Key will become active once approved via the mobile app by your team members.

  6. Retrieve Pairing Token: After approval, click Pairing Token under the More dropdown in the API Key list. This token is required when deploying the API Co-Signer.

  7. Done

Next Steps

Once your API Key is ready, proceed to the next step based on your use case: