About API Keys

A secure method for data interaction, API Authentication is an essential part of our RESTful API. It is designed to ensure that every request made to the API is from an authenticated and authorized source. Without proper authentication, the API request will be declined.

API keys hold substantial permissions, hence it's crucial to maintain their confidentiality!



Avoid exposing your private API keys in publicly viewable spaces like GitHub, or within client-side code, among others.

Generating an API Key

The Kulipa API uses API Keys to authenticate requests through HTTP Basic Authentication. Authentication is performed with the header x-api-key: apiKey.
All API calls are required to be executed over HTTPS. Attempts made via unsecured HTTP will not be successful. Similarly, API requests lacking proper authentication will be rejected.


curl \
  -H "Content-Type: application/json" \
  -H "x-api-key: apiKeyXxx"

Sandbox versus Production

Every Kulipa API call operates in either a sandbox or production environment.
Utilize the sandbox mode for interacting with test data, and the production mode for engaging with real account data.
Each mode is associated with its distinct API keys.
Objects exclusive to one environment remain inaccessible in the other environment.

Production API keys access



A production API key can only be displayed once.
If misplaced, it cannot be recovered from the Dashboard.
In such instances, either roll it or delete it, and subsequently generate a new one.