> ## Documentation Index
> Fetch the complete documentation index at: https://developer.wallbit.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate with the Wallbit API

## API Key Authentication

All Wallbit API endpoints require authentication using an API key. You must include your API key in the `X-API-Key` header with every request.

### Getting your API Key

1. Log in to your Wallbit account (in the app or in the [Wallbit Dashboard](https://developer.wallbit.io/dashboard))
2. Navigate to **Settings → API Keys**
3. Click **Create New API Key**
4. Copy and securely store your API key

<Warning>
  Your API key will only be shown once. Store it securely and never share it
  publicly or commit it to version control.
</Warning>

### Using your API Key

Include the `X-API-Key` header in all requests:

```bash theme={null}
curl -X GET "https://api.wallbit.io/api/public/v1/balance/checking" \
  -H "X-API-Key: your_api_key_here"
```

### API Key Permissions

When creating an API key, you can configure the following permissions:

| Permission | Description                                                                                                                                                     |
| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `read`     | Query balances, transactions, assets, wallets, account details, exchange rates (`GET /api/public/v1/rates`), and fee configuration (`POST /api/public/v1/fees`) |
| `trade`    | Execute buy and sell orders for stocks                                                                                                                          |

<Info>
  Start with the minimum permissions you need. You can always create additional
  keys with different permission sets for different use cases.
</Info>

### Security Best Practices

<AccordionGroup>
  <Accordion title="Environment Variables" icon="leaf">
    Store your API key in environment variables, not in your code: `bash
            export WALLBIT_API_KEY="your_api_key_here" ` Then access it in your
    application: `javascript const apiKey = process.env.WALLBIT_API_KEY; `
  </Accordion>

  <Accordion title="Key Rotation" icon="rotate">
    Rotate your API keys periodically. You can have multiple active keys to
    enable zero-downtime rotation: 1. Create a new API key 2. Update your
    applications to use the new key 3. Verify everything works 4. Revoke the old
    key
  </Accordion>

  <Accordion title="Separate Keys per Environment" icon="layer-group">
    Use different API keys for development, staging, and production
    environments. This limits the blast radius if a key is compromised.
  </Accordion>
</AccordionGroup>

### Authentication Errors

If your API key is invalid or missing, you'll receive a `401 Unauthorized` response:

```json theme={null}
{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}
```

<Card title="View Error Codes" icon="triangle-exclamation" href="/api-reference/errors">
  See all possible error responses and how to handle them.
</Card>
