Getting Your API Key

To request a Pilot API key, contact: 📧 contact@walletsuite.io

Each API key is issued per organization and controls access to specific endpoints and features. See Rate Limits for the Pilot key validity window and tier limits.

Authentication Method

  • Type: apiKey
  • Location: HTTP request header
  • Header name: X-API-KEY
All authenticated requests must include this header. Requests without a valid API key are rejected before reaching business logic.

Example

X-API-KEY: your-api-key

HTTPS Requirement

  • All API requests must be sent over HTTPS
  • Requests over plain HTTP will fail
  • Requests without authentication headers will fail
This requirement applies to all tiers, including Pilot and Production.

Request Scope & Permissions

  • All requests are scoped to your organization
  • Access is restricted based on your plan and enabled permissions
  • Unauthorized access attempts are rejected

Authentication Errors

Authentication can fail for the following reasons:
  • Missing X-API-KEY header
  • Invalid or expired API key
  • Insufficient permissions for the requested endpoint
In those cases the API returns an appropriate 4xx HTTP status code (typically 401 or 403).

Premium Endpoints

Certain endpoints are classified as Premium and are not accessible using the Pilot API key by default. To enable premium access, contact your account manager.
Premium access is enforced at the API level during request authentication.

Securing Your API Keys

WalletSuite API keys grant access to privileged resources. You are responsible for keeping them secure.

Best practices:
  • Store API keys in environment variables or a secrets manager
  • Restrict access to trusted systems only
Never:
  • Commit API keys to source control (GitHub, GitLab, etc.)
  • Expose API keys in frontend or client-side applications
  • Share API keys publicly or with unauthorized parties
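
The requirements above (key sent in the X-API-KEY header, HTTPS only, key read from an environment variable, 401/403 on failure) combined in a small Python client. This is an added example, not WalletSuite's own code; the variable name WALLETSUITE_API_KEY, the function names, the refusal to follow redirects and the 401-versus-403 hints are assumptions of the example, since the page only says the status is typically 401 or 403.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

API_KEY_ENV = "WALLETSUITE_API_KEY"  # assumed variable name, not from the docs


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the key header is never replayed to another URL."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def build_request(url, env=os.environ):
    """Return a Request carrying X-API-KEY, or raise before any network I/O."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send API key over a non-HTTPS URL")
    key = env.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    # urllib stores the name as "X-api-key"; header names are case-insensitive.
    return urllib.request.Request(url, headers={"X-API-KEY": key})


def explain_auth_failure(status):
    """Hint for the 4xx codes named on this page (mapping is an assumption)."""
    if status == 401:
        return "missing, invalid or expired API key"
    if status == 403:
        return "key lacks permission for this endpoint (plan or Premium access)"
    return None


def call(url, env=os.environ, timeout=10):
    """Send an authenticated GET; raise PermissionError on 401 or 403."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(build_request(url, env), timeout=timeout) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        hint = explain_auth_failure(err.code)
        if hint:
            # The message carries the status and hint only, never the key.
            raise PermissionError(f"HTTP {err.code}: {hint}") from None
        raise
```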