Authentication

Authentication is handled using your public/secret key or api key included in the Authorization header of each request. Read here on how to get your keys.

Authorizing API Calls

All API requests must be made over HTTPS. Calls made over plain HTTP are not secure. Any API requests without authentication will fail. The Authorization header must be sent for every request unless stated otherwise. Not doing so will result in an unauthorized response.

Bitpowr has two methods of authentication:

  1. Bearer Token: Generated by encoding Public Key and Secret Key to create a unique encoded token
  2. Basic RSA API Key: Can be created for a specific account and will only work with that account.

Public and Secret Key

To authenticate using the Public Key and Secret Key, you will need to concat them such as {public_key}:{secret_key} and base64 encode the resulting string before passing it along to the Authorization header.

This method gives you admin access to your all accounts

You can easily do that in example below:

let encodedToken = Buffer.from(`{public_key}:{secret_key}`).toString('base64')
<?php
$str = "$publicKey:$secretKey";
$encodedToken = base64_encode($str);
echo $encodedToken;

?>
import base64
encodedToken = base64.b64encode(f'{public_key}:{secret_key}'.encode('ascii'))
print(encodedToken)

Once you are able to get the encoded token, you can then pass it to your headers as below:

Authorization: Bearer encodedToken

API Keys (RSA)

RSA based API Keys are type of API keys that are only used to interact with specific accounts or wallet. This ensures that the API key can only interact with the account/wallet its connected to. This does not have admin access to your all accounts and should be solely for interacting with a single accounts.

Authorization: Basic <API_KEY>

Notes: Your API key determines what environments, modes and networks you want to connect with via our developer API/SDK. You can read more about Environment here


What’s Next