Working with the API
All Truvity Cloud API operations require authentication to return information or make changes to your wallet. You can authenticate your requests by adding a created API key.
Authentication
To authenticate requests, you must pass the API key retrieved from the Admin Panel as an X-API-KEY
header.
The configuration may differ depending on how you work with the API. For example, to configure an bash environment with an API key in a scheme with direct communication to the Truvity Cloud API:
# add environment variable exporting to your bash profile (~/.bash_profile)
export TRUVITY_API_KEY="<API_KEY>"
# make requests with curl using the exported environment variable
curl --request POST \
--url "https://api.truvity.com/api/wallet/v1/entity" \
--header "X-API-KEY: ${TRUVITY_API_KEY}"
Security considerations
Remember that you should pay close attention to who has access to your API keys. If someone is able to retrieve them, they will have the ability to read any information from your wallets and even make changes on your behalf.
It's okay to use API keys directly in frontend applications when building prototypes or in a secured environment. However, consider avoiding using API keys on the frontend if you plan to deploy your application to the public.
The easiest way to secure your API keys is to use a so-called "API proxy", which is essentially a reverse proxy managed by you that accepts requests from your application and redirects them to the Truvity Cloud API by adding necessary headers that are managed on your side and accessible only by you.