Here is an example response object:
Open in a new tab here: /api-reference/minting/nfts/mint-nft
Crossmint has a 10MB re-upload size limit. For larger files, upload your media to IPFS, create a metadata.json as shown above, submit the metadata file's URL, and ensure `reuploadLinkedFiles` is set to `false`.
The default option is `true`.
Here is an example response object:
### Setting Authorized Origins
Client-side keys are exposed in the application and thus require additional security measures. The minimum requirement is to whitelist URLs that requests can be sent from. Client-side keys support two types of origins:
#### Web Origins
For web applications, you need to add the domains that requests will be sent from. In development, you'll need to add the local domain you test your application from. This is commonly `http://localhost` followed by a port number such as `3000`, `5173`, etc. For example, when developing with NextJS, the default origin you need to authorize is `http://localhost:3000`.
The expected format for web origins is a full URL with protocol, such as `https://www.yourdomain.com` or `http://localhost:3000`.
#### Mobile App Identifiers
For mobile applications, you need to add the bundle identifiers for iOS apps or package names for Android apps. The expected format is:
* iOS: Bundle ID (e.g., `com.company.appname`)
* Android: Package name (e.g., `com.company.appname`)
### Select Scopes
Within the modal that opens, toggle the required scopes you want to enable. You may need to expand an accordion for the product area you're working on to expose additional scope options.
For more information on API Key scopes visit the scopes page or the API Reference.
## Third Party Authentication
For projects that have already implemented authentication using one of the supported providers, you can provide Crossmint with the appropriate project/environment/app ID from the settings page of the third party. Supported providers include: Dynamic, Auth0, Stytch, Privy, and Firebase.
To use this option, select the 3P Auth providers option, then choose your provider from the dropdown. Next, you'll need to find the appropriate ID that your provider gives you to identify your project. This can typically be found within the settings pane of their web interface.
## Custom JWT Auth
If your project is using an auth provider not listed in the 3P providers list or is a home-grown JWT solution, you can choose the Custom tokens option. You will need to be able to provide a 
For a detailed guide on implementing this approach, check out the [Custom JWT Authentication Guide](/introduction/platform/api-keys/custom-jwt-auth-guide).
# Overview
Source: https://docs.crossmint.com/introduction/platform/api-keys/overview
Get your keys in seconds and start building
API keys are required to authorize requests against the Crossmint APIs. By using an API key, Crossmint knows which project is making the call, and can deduct credits from your balance.
## Staging vs. Production Keys
First, determine if you need a staging (testing) or production API key.
### Select Scopes
You can determine the scopes you need by visiting the API reference page for the API(s) you need to interact with.
## Privacy Policy
Projects have an option to register a link to your company's privacy policy. If set, this link will be shown to your users when they're using any Crossmint-managed user interface, such as the Checkout, where user information is collected. A privacy policy is required by law if you want to later those users' personally identifiable information, such as their email address.
If you don't already have a privacy policy, you can generate and host one using tools like [Termly](https://termly.io/).
> **Note:** Failure to add a privacy policy will result in email addresses being hidden.
#### Cases Requiring a Privacy Policy to Access User Data
| Use Case | Privacy Policy Required |
| ---------------------------- | ----------------------- |
| Payments (payment button) | Yes |
| Payments (embedded checkout) | Yes |
| Payments (headless checkout) | No |
| Mint API or console | No |
| Wallet APIs or console | No |
### Steps to Add a Privacy Policy Link
1. \**Go to the General Settings tab*
* Access the Settings page from the sidear.
2. **Include the Privacy Policy Link**
* In the project settings, locate the section for adding a privacy policy.
* Paste the URL of your privacy policy generated from Termly or any other source.
4. **Verify Email Visibility**
* After adding the privacy policy link, check to ensure that email addresses are now visible.
* If the link is not included, emails will remain hidden to protect user data.
Following these steps will ensure compliance with data protection laws and enable the visibility of email addresses in your project settings.
***
## FAQs
**It takes months to build secure and reliable minting infrastructure:**
1. Write and maintain token smart contracts
2. Build a backend for orchestrating all blockchain transactions
3. Securely administer keys and crypto balances
4. Add queueing, batching, RPC redundancy, priority/gas fee estimations, e2e observability...
**Crossmint manages all of this for you via a suite of APIs to create, update, delete and manage tokens of any type through REST APIs, available on any chain.**
## Key Characteristics
5. (Production only) [Verify your account and collection](/introduction/platform/account-verification). Not required in staging.
6. Share the url or QR code with your users.
### FAQs
The final step is to test the endpoint. To do so, mint one or two NFTs with the API and observe the responses to verify setup success.
## Webhook video walkthrough
### 6. Security
For security, verify webhook signatures using the signing secret from your endpoint details page:
See the embedded checkout in action on the [Crossmint Playground](https://playground.crossmint.com/checkout/embedded).
## When is the Embedded Checkout the best fit?
* **You want to insert the checkout into your site**
* **You want high level of control over the UI/UX**
## Get Started
### Fee Sponsorship
This option enables you to control who pays the fees of the NFT purchase including gas and credit card transaction fees. The default option is "Buyer", which means that if you set a price of 10 USDC, the final price the buyer pays will be 10 USDC plus fees.
If you want to provide a consistent price for your customers, select the "You" option to sponsor the fees. When you sponsor the fees they will be deducted from the amount the buyer pays and the remainder will be paid to the recipient wallet you set in the next step.
#### Recipient Address
Enter the wallet address where you want to receive payments. This is the address where Crossmint will send the proceeds from NFT sales.
Click the `Create NFT` button to complete.
3. Click the "Integrate" tab and select the "API Keys" section on top
Before creating an API key, you'll need to decide on server-side vs client-side implementation. You can find some more info in the [Client or Server Guide](/payments/headless/guides/client-or-server).
## Next Steps
You're ready to move on to implementing the Headless Checkout in your application!
# Amazon Integration
Source: https://docs.crossmint.com/payments/headless/guides/providers/amazon
How to enable crypto purchases of Amazon products using Headless Checkout
This guide explains how to integrate Amazon product purchases using the Headless Checkout API.
## Product Locator Format
When creating an order for an Amazon product, use the `productLocator` parameter with either the Amazon ASIN or product URL:
```json
// Amazon ASIN
{
"lineItems": [
{
"productLocator": "amazon:B01DFKC2SO"
}
]
}
// Amazon Product URL
{
"lineItems": [
{
"productLocator": "amazon:https://www.amazon.com/dp/B01DFKC2SO"
}
]
}
```
## Example Flow
