Management API Reference

Configuration

API keys

Livemode and testing#

Every account is divided into two universes: one for testnet, and one for mainnet. All requests exist in one of those two universes, and objects in one universe cannot be manipulated by objects in the other. In test mode, transactions can only go to testnet networks.

API keys#

You'll need to authenticate your requests to access any of the endpoints in the Openfort API. In this guide, we'll look at how to get an API key.

Project secret and publishable keys#

All accounts have a total of four API keys by default—two for test mode and two for live mode:

  1. Test project secret key: Use this key to authenticate requests on your server when in test mode. By default, you can use this key to perform any API request without restriction.
  2. Test project publishable key: Use this key for testing purposes in your web or mobile app’s client-side code.
  3. Live project secret key: Use this key to authenticate requests on your server when in live mode. By default, you can use this key to perform any API request without restriction.
  4. Live project publishable key: Use this key, when you’re ready to launch your app, in your web or mobile app’s client-side code.

Shield secret and publishable keys#

All accounts have a total of three API keys by default—one for test mode and one for live mode:

  1. Shield secret key: Use this key will allow you to store the recovery share of your users on server.
  2. Shield publishable key: Use this key, when you’re ready to launch your app, in your web or mobile app’s client-side code.
  3. Shield encryption share key: Only used whenever you're using the automatic recovery to encrypt the recovery share.
Type Value When to use
Secret

On the server-side: Must be secret and stored securely in your web or mobile app’s server-side code (such as in an environment variable or credential management system) to call Openfort APIs. Don’t expose this key on a website or embed it in a mobile application.

Publishable

On the client-side: Can be publicly-accessible in your web or mobile app’s client-side code (such as openfort-js).

Reveal an API secret key in your dashboard#

Openfort APIs use your secret key to authenticate requests from your server. To find your API secret key for test mode:

  1. Open the API keys page.
  2. Under API keys, in the Secret key row, click Reveal test key and save the value.