Introduction
API keys allow you to interact with the Universal Wallet platform programmatically, enabling automation and integration with your existing systems. This tutorial will guide you through creating your first API key and making your first API request.API keys provide direct access to your distributor account. Keep them secure and never share them publicly or commit them to version control.
Prerequisites
Before you begin, ensure you have:- An active distributor account
- The maker role for creating API keys
- The checker role for approving API keys (can be a different user)
Step 1: Create an API Key (Maker)
Configure Permissions
Fill in the API key details:Label: Give your key a descriptive name (e.g., “POS Integration”, “Balance Monitor”)Permissions:
- ✅ Read Balance: Query your distributor wallet balance
- ✅ Read Transactions: Access operation history
- ⬜ Perform Operations: Create cash-in/cash-out operations
Set Limits (Optional)
Configure optional security limits:
- Max Transaction Amount: Maximum amount per operation (e.g., 100,000)
- Max Daily Volume: Total daily transaction limit (e.g., 1,000,000)
- Allowed IPs: Comma-separated list of IP addresses (e.g.,
192.168.1.100,10.0.0.5) - Expires In: Number of days until the key expires (default: 365)
Step 2: Approve the API Key (Checker)
Navigate to Pending API Keys
Have a user with the checker role log in and navigate to Settings → API Keys → Pending tab.
Review the Request
Review the API key request details:
- Label and permissions
- Transaction limits
- IP restrictions
- Expiration period
Step 3: Save Your API Key
Once approved, the maker will see a modal displaying the API key:Step 4: Test Your API Key
Let’s make your first API request to verify the key works.Get Distributor Balance
Expected Response
Managing API Keys
View Active Keys
Navigate to Settings → API Keys → Active to see all active keys, including:- Label
- Permissions
- Usage statistics
- Last used timestamp
- Expiration date
Revoke an API Key
If a key is compromised or no longer needed:Best Practices
Use Descriptive Labels
Use Descriptive Labels
Always use clear, descriptive labels that indicate the purpose and location of the key usage (e.g., “Production POS - Main Store”, “Staging - Balance Monitor”).
Principle of Least Privilege
Principle of Least Privilege
Only grant the minimum permissions required. If you only need to check balances, don’t enable “Perform Operations”.
Set Transaction Limits
Set Transaction Limits
Always configure transaction and daily volume limits to minimize potential damage if a key is compromised.
Use IP Whitelisting
Use IP Whitelisting
If your integration runs from fixed IP addresses, restrict the key to those IPs only.
Rotate Keys Regularly
Rotate Keys Regularly
Set appropriate expiration periods and create new keys before old ones expire. Consider rotating keys every 90-180 days.
Secure Storage
Secure Storage
- Never hard-code keys in your application
- Use environment variables or secure secret management systems
- Never commit keys to version control
- Restrict access to production keys
Monitor Usage
Monitor Usage
Regularly review API key usage in the dashboard. Investigate any unexpected patterns or usage from unknown IPs.
Troubleshooting
401 Unauthorized
- Verify the API key is correct and hasn’t been revoked
- Ensure you’re using the
Bearerprefix in the Authorization header - Check that the key hasn’t expired
403 Forbidden
- Confirm the key has the required permission for the endpoint
- Verify the distributor ID in the URL matches the distributor ID associated with the key
- If using IP whitelisting, ensure your request originates from an allowed IP
400 Bad Request
- Check that you’re using the correct endpoint URL
- Verify request payload format matches the API specification
- Ensure required parameters are included
Next Steps
Cash-In via API
Learn how to create cash-in operations programmatically
Cash-Out via API
Learn how to process cash-out operations via API
API Reference
Full API endpoint documentation
Security Best Practices
Learn about securing your integration