Skip to main content

API Key Authentication

All Wallbit API endpoints require authentication using an API key. You must include your API key in the X-API-Key header with every request.

Getting your API Key

  1. Log in to your Wallbit account (in the app or in the Wallbit Dashboard)
  2. Navigate to Settings → API Keys
  3. Click Create New API Key
  4. Copy and securely store your API key
Your API key will only be shown once. Store it securely and never share it publicly or commit it to version control.

Using your API Key

Include the X-API-Key header in all requests: 
curl -X GET "https://api.wallbit.io/api/public/v1/balance/checking" \
  -H "X-API-Key: your_api_key_here"

API Key Permissions

When creating an API key, you can configure the following permissions:
PermissionDescription
readQuery balances, transactions, and account details
tradeExecute buy and sell orders for stocks
Start with the minimum permissions you need. You can always create additional keys with different permission sets for different use cases.

Security Best Practices

Store your API key in environment variables, not in your code:
export WALLBIT_API_KEY="your_api_key_here"
Then access it in your application:
const apiKey = process.env.WALLBIT_API_KEY;
Rotate your API keys periodically. You can have multiple active keys to enable zero-downtime rotation:
  1. Create a new API key
  2. Update your applications to use the new key
  3. Verify everything works
  4. Revoke the old key
Use different API keys for development, staging, and production environments. This limits the blast radius if a key is compromised.

Authentication Errors

If your API key is invalid or missing, you’ll receive a 401 Unauthorized response: 
{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

View Error Codes

See all possible error responses and how to handle them.