API Keys
Scopes
Enabling required permissions for API calls
Below is a complete list of the API scopes available. You can also find the scope a specific API requires in the API Reference section.
Wallet APIs
| Scope | Description | Server Key | Client Key |
|---|---|---|---|
wallets.read | Retrieve all wallets for a user. | ✅ | ✅ |
wallets.create | Create a wallet for a user. | ✅ | ✅ |
wallets:nfts.read | Fetch the NFTs owned by a specific wallet address. | ✅ | ✅ |
wallets:nfts.transfer | Transfer an NFT from a user’s wallet. | ✅ | |
wallets:messages.sign | Sign a message from a user’s wallet. | ✅ |
When using the Smart Wallets SDK you must use a client-side API key.
The wallets.read, wallets.create, and wallets.nfts.read scopes also work client-side for custodial wallets.
Verifiable Credentials
| Scope | Description | Server Key | Client Key |
|---|---|---|---|
credentials.read | Fetch credentials, some endpoints will only work with a server side key. | ✅ | ✅ |
credentials.decrypt | Decrypt credentials, mainly used by our client side SDK. | ✅ | ✅ |
credentials:templates.create | Create a template for your credentials. | ✅ | |
credentials.create | Issue your credentials and create credential types | ✅ | |
credentials.delete | Revoke a credential issued to a subject. | ✅ |
Minting APIs
| Scope | Description | Server Key | Client Key |
|---|---|---|---|
nfts.create | Mint your NFTs and deliver them to a wallet or to an email address. | ✅ | |
nfts.update | Update a minted NFT’s metadata on IPFS (image, description, name…). | ✅ | |
nfts.read | Retrieve all metadata for an NFT. | ✅ | |
nfts.delete | Burn a specific NFT within a collection. | ✅ | |
collections.create | Create a collection of NFTs. | ✅ | |
collections.update | Update information for an existing collection (image, name, royalties…). | ✅ | |
collections.read | Retrieve the information about a specific collection. | ✅ |
Payments APIs
| Scope | Description | Server Key | Client Key |
|---|---|---|---|
orders.create | Create an order for headless checkout. | ✅ | ✅ |
orders.read | Get an existing order for headless checkout. | ✅ | ✱ |
orders.update | Update an existing order for headless checkout. | ✅ | ✱ |
When updating or reading order status from the client-side, you must pass the
clientSecret returned in the create-order call as an authorization header. The clientSecret provides the authorization and an API Key is not required in this use case. See this guide in the Headless Checkout docs.Authentication
| Scope | Description | Server Key | Client Key |
|---|---|---|---|
users.create | Create users / allow them to sign up. | ✅ | |
users.read | Get profile info for user accounts. | ✅ |
Project Administration
| Scope | Description | Server Key | Client Key |
|---|---|---|---|
billing.readonly | Get balance in credits for a project. | ✅ | |
projects:usage.read | Get usage for the different products in a project | ✅ |