API Keys and Authentication

All access to Proof API endpoints require an API key or the use of OAuth client credentials for authentication. Read to see how you can create and use an API key. Please see OAuth Client Credentialsfor information on configuring and utilizing OAuth instead of API keys.

Creating a Production API Key

API Keys can be created instantly from Settings >> API Keys in your Business Account. The Settings menu is only accessible to users with the Admin role.

If you're unable to find API key settings in your account, you may need to upgrade your plan. Reach out to [email protected], or your dedicated Customer Success Manager.

Creating a Fairfax (Test) API Key

Follow the same instructions for creating a production API key, but in your Fairfax account. To gain access to our Fairfax environment, contact [email protected], or your dedicated Customer Success Manager. Once you have access to Fairfax, creating the API key follows the same process as above for Production.

Types of API Keys

• Full Access: lets the caller create, update, and delete transactions. Meant to be secret and for internal code usage only.
• Client Only: only lets the caller create transactions. Intended for usage in client-facing applications, and thus can be freely exposed. EasyLinks are centered on Client-Only API Keys.

Authenticating via API Key

Authentication is simple - just include your key in the request header with the following format:

Headers {
ApiKey: {YOUR API KEY HERE} 
Content-Type: application/json
}

API Key prefixes

Each of our API keys have a specific prefix depending on its access level and environment. The prefix for each type of key are as follows:

This allows us to partner with Github's Secret Scanning program to detect secrets leaked in public Github repositories. If you are ever notified that one of your keys has been leaked, you must revoke it as soon as possible. You can read more about how to revoke leaked secrets here.