API Keys
Scopes
Enabling required permissions for API calls
Below is a complete list of the API scopes available. You can also find the scope a specific API requires in the API Reference section.
Wallet APIs
Scope | Description | Server Key | Client Key |
---|---|---|---|
wallets.read | Retrieve all wallets for a user. | ✅ | ✅ |
wallets.create | Create a wallet for a user. | ✅ | ✅ |
wallets:nfts.read | Fetch the NFTs owned by a specific wallet address. | ✅ | ✅ |
wallets:nfts.transfer | Transfer an NFT from a user’s wallet. | ✅ | |
wallets:messages.sign | Sign a message from a user’s wallet. | ✅ |
When using the Smart Wallets SDK you must use a client-side API key.
The wallets.read
, wallets.create
, and wallets.nfts.read
scopes also work client-side for custodial wallets.
Verifiable Credentials
Scope | Description | Server Key | Client Key |
---|---|---|---|
credentials.read | Fetch credentials, some endpoints will only work with a server side key. | ✅ | ✅ |
credentials.decrypt | Decrypt credentials, mainly used by our client side SDK. | ✅ | ✅ |
credentials:templates.create | Create a template for your credentials. | ✅ | |
credentials.create | Issue your credentials and create credential types | ✅ | |
credentials.delete | Revoke a credential issued to a subject. | ✅ |
Minting APIs
Scope | Description | Server Key | Client Key |
---|---|---|---|
nfts.create | Mint your NFTs and deliver them to a wallet or to an email address. | ✅ | |
nfts.update | Update a minted NFT’s metadata on IPFS (image, description, name…). | ✅ | |
nfts.read | Retrieve all metadata for an NFT. | ✅ | |
nfts.delete | Burn a specific NFT within a collection. | ✅ | |
collections.create | Create a collection of NFTs. | ✅ | |
collections.update | Update information for an existing collection (image, name, royalties…). | ✅ | |
collections.read | Retrieve the information about a specific collection. | ✅ |
Payments APIs
Scope | Description | Server Key | Client Key |
---|---|---|---|
orders.create | Create an order for headless checkout. | ✅ | ✅ |
orders.read | Get an existing order for headless checkout. | ✅ | ✱ |
orders.update | Update an existing order for headless checkout. | ✅ | ✱ |
When updating or reading order status from the client-side, you must pass the
clientSecret
returned in the create-order call as an authorization
header. The clientSecret
provides the authorization and an API Key is not required in this use case. See this guide in the Headless Checkout docs.Authentication
Scope | Description | Server Key | Client Key |
---|---|---|---|
users.create | Create users / allow them to sign up. | ✅ | |
users.read | Get profile info for user accounts. | ✅ |
Project Administration
Scope | Description | Server Key | Client Key |
---|---|---|---|
billing.readonly | Get balance in credits for a project. | ✅ | |
projects:usage.read | Get usage for the different products in a project | ✅ |