> ## Documentation Index
> Fetch the complete documentation index at: https://docs.crossmint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Server-side Keys

> How to create and use server-side API keys

<Warning>
  **Server-side API keys must be stored securely!**

  Enable only the scopes you need, and no more, and do NOT expose your keys on the frontend of your app, or your github code repository.
</Warning>

## Create a Server-side Key

Navigate to the API Keys section of the developer console and click the "Create new key" button in the server-side keys section.

* [Staging API Keys](https://staging.crossmint.com/console/projects/apiKeys)
* [Production API Keys](https://www.crossmint.com/console/projects/apiKeys)

<Frame type="simple">
  <img src="https://mintcdn.com/crossmint/xq66q9GV6z6jjj95/images/api-reference/create-server-key.jpg?fit=max&auto=format&n=xq66q9GV6z6jjj95&q=85&s=7ff349931366577527ce0a09ee25b57c" alt="create server-side API key in Crossmint developer console" width="1985" height="550" data-path="images/api-reference/create-server-key.jpg" />
</Frame>

### Select Scopes

<Info>
  **Production server-side keys follow a "view once" policy**

  When you create a server-side API key in the production environment, the key secret will only be shown once during creation. After you close the dialog or navigate away, **you will not be able to view the key secret again.**
</Info>

Within the modal that opens, toggle the required scopes on and click the "Create server key" button at the bottom. You may need to expand an accordion for the product area you're working on to expose additional scope options.

<Frame type="simple">
  <img src="https://mintcdn.com/crossmint/9uJPRLU6Ro7RXKau/images/api-reference/server-scopes.jpg?fit=max&auto=format&n=9uJPRLU6Ro7RXKau&q=85&s=6e1473e62a25972a96a4b00ccda14cc8" alt="select server-side API scopes in Crossmint developer console" width="3000" height="1501" data-path="images/api-reference/server-scopes.jpg" />
</Frame>

You can determine the scopes you need by visiting the API reference page for the API(s) you need to interact with.

<CardGroup cols={2}>
  <Card title="API Scopes" icon="bullseye" href="/introduction/platform/api-keys/scopes">
    Complete list of available API scopes
  </Card>

  <Card title="API Reference" icon="paper-plane" href="/api-reference/introduction">
    Detailed docs for all API endpoints
  </Card>
</CardGroup>

## Using a Server-side Key

If you're using the [API Playground](/api-reference) you can add your API key in the Authorization section and this will set it as a header when making the request.

<Frame type="simple">
  <img className="block dark:hidden" src="https://mintcdn.com/crossmint/xq66q9GV6z6jjj95/images/api-reference/create-wallet/api-key-light.jpg?fit=max&auto=format&n=xq66q9GV6z6jjj95&q=85&s=bae5ad21b12c78d06ecf60a9e613d221" alt="Set x-api-key screenshot" width="1145" height="338" data-path="images/api-reference/create-wallet/api-key-light.jpg" />

  <img className="hidden dark:block" src="https://mintcdn.com/crossmint/xq66q9GV6z6jjj95/images/api-reference/create-wallet/api-key-dark.jpg?fit=max&auto=format&n=xq66q9GV6z6jjj95&q=85&s=eae82d7c446ad97cdd6dd68ae214ce93" alt="Set x-api-key screenshot" width="1145" height="338" data-path="images/api-reference/create-wallet/api-key-dark.jpg" />
</Frame>

When calling the APIs from server-side code, you set the `X-API-KEY` header however the target language or library expects it. See some examples below:

<CodeGroup>
  ```bash cURL theme={null}
  curl --request POST \
    --url https://staging.crossmint.com/api/v1-alpha1/wallets \
    --header 'Content-Type: application/json' \
    --header 'X-API-KEY: YOUR_API_KEY' \
    --data '{
    "email": "test@test.com",
    "chain": "polygon-amoy"
  }'
  ```

  ```javascript Node.js theme={null}
  const options = {
    method: 'POST',
    headers: {
      'X-API-KEY': 'YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: '{
      "email":"test@test.com",
      "chain":"polygon-amoy"
    }'
  };

  fetch('https://staging.crossmint.com/api/v1-alpha1/wallets', options)
    .then(response => response.json())
    .then(response => console.log(response))
    .catch(err => console.error(err));
  ```
</CodeGroup>

All of the API routes in the [API Reference](/api-reference/introduction) include code examples for many popular programming languages.