Authentication#
API Keys#
All requests to the ChainVault API must be authenticated using API keys. Each client is provided with a unique API key and secret that should be kept secure.
Include your API key in the request header:
X-API-KEY: your_api_key_here
Request Signing#
For enhanced security, we recommend signing all requests. Each request should include:
X-TIMESTAMP: current_unix_timestamp
X-SIGNATURE: hmac_sha256_signature
The signature is generated by creating an HMAC-SHA256 hash of the request payload using your API secret as the key.
Example Request Signing#
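A sketch of the signing flow described above, with the receiving side's check alongside it; this is an added example, not ChainVault's own code. The hex encoding of the signature, the 300-second freshness window, and the sample key, secret and payload are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Assumptions: hex-encoded signature and a 300 s freshness window (neither is on the page).
MAX_SKEW_SECONDS = 300


def sign_payload(api_secret: str, payload: bytes) -> str:
    """HMAC-SHA256 of the request payload, keyed with the API secret."""
    return hmac.new(api_secret.encode(), payload, hashlib.sha256).hexdigest()


def build_headers(api_key: str, api_secret: str, payload: bytes, now=None) -> dict:
    """Build the three headers the page lists for an authenticated, signed request."""
    ts = int(time.time() if now is None else now)
    return {
        "X-API-KEY": api_key,
        "X-TIMESTAMP": str(ts),
        "X-SIGNATURE": sign_payload(api_secret, payload),
    }


def verify_request(headers: dict, payload: bytes, api_secret: str, now=None) -> bool:
    """Receiver-side check: timestamp freshness, then constant-time MAC comparison."""
    now = int(time.time() if now is None else now)
    try:
        ts = int(headers["X-TIMESTAMP"])
        supplied = headers["X-SIGNATURE"].encode()
    except (KeyError, ValueError):
        return False  # missing or malformed header
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request
    expected = sign_payload(api_secret, payload).encode()
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    # Constructed sample request; sign the exact bytes that go on the wire.
    body = json.dumps({"asset": "BTC", "amount": "0.5"}, separators=(",", ":")).encode()
    hdrs = build_headers("demo_key", "demo_secret", body)
    print(hdrs)
    print("verified:", verify_request(hdrs, body, "demo_secret"))
```

As described on this page the signature covers only the payload, so the example does not bind X-TIMESTAMP into the MAC. Sign the serialized bytes exactly as sent, since re-serializing the JSON can change them and invalidate the signature.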
IP Whitelisting#
For additional security, we recommend configuring IP whitelisting for your API keys. This can be done through the client dashboard.
API Key Management#
Key Rotation: We recommend rotating your API keys periodically
Multiple Keys: You can create multiple API keys for different environments or applications
Key Permissions: Each API key can be configured with specific permissions
Security Best Practices#
1. Never expose your API keys in client-side code
2. Store API secrets securely and encrypt them at rest
3. Use IP whitelisting to restrict access to your API keys
4. Implement request signing for all production requests
5. Set up alerts for unusual API usage patterns
Modified at 2025-08-20 12:52:49