Secure API Key Management

Your Crossmint API key is very powerful. It allows you to mint new NFTs, and also to edit them.

To prevent malicious agents from compromising your project:

  • Never share these keys with others or using non encrypted channels.
  • Never commit these keys in code that is saved to version control, like Git. Instead, use environment variables.
  • Never use these keys from the client side / frontend of your website. These keys should only be used from the server side.
If your API key gets compromised, delete it ASAP on the developer console. You can generate a new one to continue using your contracts.