API Key Authentication
API Key Authentication is the primary method for securely accessing your Signchain Vault APIs. Each account can create one or more unique API keys, which must be provided in all requests to verify the identity of the requester and ensure data security.
Obtaining Your API Key
To obtain your API key:
- Log into the Signchain Dashboard.
- Navigate to the API Keys section and click Create API Key.
- Name your key with a sensible name that allows you to differentiate between different API Keys on your account. Then click Create API Key.
- Copy your API key and store it securely. Do not share your API key, as it grants access to sensitive operations within your vault.
Using the API Key in Requests
Once you have your API key, include it in the Authorization header of every request made to the Signchain Vault API. This key authenticates your requests and ensures only authorized clients have access to your vault resources.
Example
Here’s how to use the API key in a curl request:
curl -H "Authorization: Bearer <Your-API-Key>" https://signchain.net/api/v1/...
Replace <Your-API-Key> with the API key from your dashboard.
Security Recommendations
- Keep your API key private. Never include your key in publicly shared code or client-side applications.
- Rotate your key periodically to reduce the risk of unauthorized access. Use the Expire Key and Unexpire Key tools on the API Key detail page, setting appropriate TTLs (Time-To-Live) to assist with key rotation.
For additional security in certain operations, see X-Vault-Signature and X-Vault-Auth-Signature headers.
By following these steps, you’ll help maintain a secure environment and protect your Signchain resources from unauthorized access.