Overview
Get your keys in seconds and start building
API keys are required to authorize requests against the Crossmint APIs. By using an API key, Crossmint knows which project is making the call, and can deduct credits from your balance.
Staging vs. Production Keys
First, determine if you need a staging (testing) or production API key.
Staging API Keys
Generate API keys for testing in the staging developer console
Production API Keys
Generate API keys for going live in the production developer console
Server-side vs. Client-side Keys
Server-side API keys are used in server-to-server communications or in code running on a server. These keys are not exposed to the end users and can have broader permissions because they are considered more secure, being stored and used in controlled environments.
The majority of Crossmint APIs require a server-side API key. For a comprehensive list of APIs available refer to the API Reference.
Client-side API keys are used in code that runs on the client-side, such as in web browsers or mobile apps. These keys are exposed to the end user and are therefore less secure. They typically have more restrictive permissions to minimize security risks. When creating a client-side API key, you also need to configure authorized origins that are allowed to make calls to the endpoint.
Client-side keys are required for building with the Smart Wallets SDK, Authentication, and Headless Checkout.
You can also perform some custodial wallet actions with these key types. Finally, the Verifiable Credentials SDK also offers some features via client-side keys.