Authentication
Overview
The CFX APIs are secured using industry standard authentication, authorization and encryption mechanisms. Authentication for live API endpoints is performed using a provided X-API-KEY and X-API-SECRET pair which are included as headers within each API invocation. These credentials are provided when you register for API access.
The requirement to present authentication credentials depends on which endpoint you're hitting:
| Backend | Response | Auth | Description |
|---|---|---|---|
| Mock | Static | No | A live API endpoint returning the static response as specified in our OpenAPI spec. Authentication keys are not mandatory. |
| Mock | Dynamic | No | A live API endpoint returning a dynamic response that adheres to our OpenAPI spec. Authentication keys are not mandatory. |
| Sandbox | Dynamic | Yes | A live API endpoint hosted in the CFX customer sandbox integrated with Solana Devnet. This endpoint requires authentication credentials. |
Static and dynamic mocks will accept authentication credentials however these will not be scrutinised. Only the live sandbox APIs will enforce our authentication policies. Note the choice of API backend can be selected dynamically on our portal through the following dropdown:
You'll see the developer portal generates live endpoints which can be hit directly from your code or tools. These invocations will not scrutinise authentication credentials.
Please see our Getting Started guide for more information on how our API mocks function.
Request your own API Key
When you're ready to roll your developer sleeves up it's time to request API keys for our customer sandbox. These keys will let you interact with live, devnet-integrated API endpoints interactively through this developer portal or by hitting our sandbox APIs directly from your client. Authentication is enabled by populating the X-API-KEY and X-API-SECRET header fields with your provided keys.
You can hit our customer sandbox APIs directly from your client by populating these headers in each request.
Environments
For security purposes, independent API Keys will be provided for our sandbox and production environments. Connectivity to production systems will require a manual approval process that may involved IP whitelisting with your nominated hosts.
Updated 7 days ago