Authentication
TxProof employs a Hybrid Authentication Model to secure the API while allowing flexibility for different use cases.
API Keys (Machine)
Standard method for backend integrations. Long-lived, revocable keys with specific permissions and quotas.
X-API-Key or Bearer sk_...
User JWT (Dashboard)
Short-lived tokens for frontend/dashboard access. Generated via SIWE (Sign-In with Ethereum).
Bearer eyJ...
Using API Keys
API Keys are the primary way to interact with the TxProof API. You can create and manage keys in the Dashboard Settings.
Header Format
You can pass your API key in one of two ways. The X-API-Key header is preferred for clarity.
Option 1: Custom Header (Preferred)
X-API-Key: sk_live_59...
Option 2: Authorization Bearer (Legacy)
Authorization: Bearer sk_live_59...
Example Request
curl https://api.txproof.xyz/api/v1/bills/resolve \
  -X POST \
  -H "X-API-Key: sk_live_59..." \
  -H "Content-Type: application/json" \
  -d '{"txHash": "0x5d962...", "chainId": 1}'
Security Rules
- Secret Keys: Keys starting with sk_ are secret. Never expose them in client-side code (browsers, mobile apps).
- Rotation: If a key is compromised, immediately revoke it in the dashboard and generate a new one.
- Permissions: Provide only necessary scopes when creating keys (e.g. Read-Only for monitoring).
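An added example (not TxProof's own code) of enforcing the Secret Keys rule in a build or CI step: it scans client-side files for strings that look like secret keys and reports them redacted. The key pattern beyond the sk_ prefix, the file-suffix list and the sample bundle are assumptions made for the example.

```python
import re
from pathlib import Path

# Assumption: a secret key is "sk_" followed by at least 16 characters from
# [A-Za-z0-9_]; the page documents only the "sk_" prefix, not the full format.
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9_])sk_[A-Za-z0-9_]{16,}")

# File types that ship to browsers or mobile clients (assumed list).
CLIENT_SUFFIXES = {".js", ".mjs", ".ts", ".tsx", ".jsx", ".html", ".map", ".json"}


def redact(key: str) -> str:
    """Keep enough of the key to find it in the dashboard, hide the rest."""
    return key[:10] + "*" * (len(key) - 10)


def find_secret_keys(text: str) -> list[tuple[int, str]]:
    """Return (line_number, redacted_key) for every sk_ key found in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in SECRET_KEY_RE.finditer(line):
            hits.append((lineno, redact(match.group())))
    return hits


def scan_tree(root: str) -> dict[str, list[tuple[int, str]]]:
    """Scan client-side files under root; map path -> hits (files with hits only)."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in CLIENT_SUFFIXES:
            hits = find_secret_keys(path.read_text(errors="ignore"))
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample: a frontend bundle with a hard-coded key (fake value)
# next to a safe call that goes through the site's own backend.
SAMPLE_BUNDLE = """\
const api = "https://api.txproof.xyz/api/v1/bills/resolve";
fetch(api, { headers: { "X-API-Key": "sk_live_EXAMPLEEXAMPLE0000" } });
fetch("/backend/resolve", { method: "POST" });
"""

if __name__ == "__main__":
    for lineno, key in find_secret_keys(SAMPLE_BUNDLE):
        print(f"line {lineno}: secret key in client code: {key}")
```

Run scan_tree over the frontend build output and fail the build when it returns anything; a key found this way should be treated as compromised and rotated.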