Authentication

APISettle uses API keys for service-to-service calls and JWT tokens for user sessions. All requests require authentication.

API key types

| Type | Prefix | Used for |
| --- | --- | --- |
| Service key | as_live_ / as_test_ | Vendor-side: creating quotes, redeeming settlements |
| Delegate key | dk_live_ / dk_test_ | M2M access with spending limits |
| JWT | eyJhbG... | User sessions: settling payments, managing wallets |

Environments

APISettle has two environments. The key prefix tells you which one you're using.

Test

Uses Solana devnet. Free test funds via POST /dev/fund. Keys prefixed as_test_.

Production

Uses Solana mainnet. Real USDC transfers. Keys prefixed as_live_.

Using API keys

Pass your API key as a Bearer token in the Authorization header.

JavaScript
const res = await fetch('https://api.apisettle.com/v1/quote', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer as_test_k7x9m2...',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ /* ... */ }),
})

curl
curl -X POST https://api.apisettle.com/v1/quote \
  -H "Authorization: Bearer as_test_k7x9m2..." \
  -H "Content-Type: application/json" \
  -d '{"service_id": "...", "quote_amount": "500000"}'

Which key for which endpoint

| Endpoint | Auth |
| --- | --- |
| POST /quote | Service API key |
| POST /settle | Consumer JWT or Delegate key |
| POST /settlements/:id/redeem | Service API key |
| POST /settlements/:id/verify | Service API key |
| POST /services | JWT |
| POST /wallets/* | JWT |
| POST /deposits/fiat | JWT |
| POST /refunds | Service API key |
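
A client-side preflight check built from the prefix and endpoint tables above, added here as an example (it is not APISettle's own code). The function names and the `expectedEnv` argument are hypothetical, and paths are written as in the table, without the `/v1` prefix.

```javascript
// Added example: client-side preflight check, not part of any APISettle SDK.
// Function names and the `expectedEnv` argument ('test' | 'live') are hypothetical.

// Credential kinds accepted per endpoint, taken from the endpoint table.
const ENDPOINT_AUTH = [
  [/^POST \/quote$/, ['service']],
  [/^POST \/settle$/, ['jwt', 'delegate']],
  [/^POST \/settlements\/[^/]+\/(redeem|verify)$/, ['service']],
  [/^POST \/services$/, ['jwt']],
  [/^POST \/wallets\/.+$/, ['jwt']],
  [/^POST \/deposits\/fiat$/, ['jwt']],
  [/^POST \/refunds$/, ['service']],
]

// Classify a credential by its documented prefix. JWTs carry no environment prefix.
function classifyCredential(cred) {
  const m = /^(as|dk)_(live|test)_./.exec(cred)
  if (m) return { kind: m[1] === 'as' ? 'service' : 'delegate', env: m[2] }
  // A JWT is three base64url segments; the header segment starts with "eyJ".
  if (/^eyJ[\w-]*\.[\w-]+\.[\w-]+$/.test(cred)) return { kind: 'jwt', env: null }
  return null
}

// Mask everything after the prefix so the value is safe to put in logs or errors.
function redact(cred) {
  const m = /^(as|dk)_(live|test)_/.exec(cred)
  return m ? `${m[0]}****` : '****'
}

// Throw before any network call if the credential is the wrong kind for the
// endpoint, or is a key for the other environment.
function assertCredentialFor(method, path, cred, expectedEnv) {
  const info = classifyCredential(cred)
  if (!info) throw new Error('unrecognised credential format')
  const rule = ENDPOINT_AUTH.find(([re]) => re.test(`${method} ${path}`))
  if (!rule) throw new Error(`no auth rule for ${method} ${path}`)
  if (!rule[1].includes(info.kind)) {
    throw new Error(`${path} needs ${rule[1].join(' or ')}, got ${info.kind} (${redact(cred)})`)
  }
  if (info.env && info.env !== expectedEnv) {
    throw new Error(`${info.env} key used in ${expectedEnv} (${redact(cred)})`)
  }
  return info
}
```

Calling `assertCredentialFor` at startup with the configured key catches a live key deployed to a test service, or a service key wired to `/settle`, without the key value ever reaching a log line.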

Key security

Keys are hashed at rest. APISettle stores only the hash. You can't retrieve the original key after creation — only reveal it once via email verification.

Rotation with grace period. When you rotate a key, both old and new keys work during the transition window. No downtime.

Never commit keys to source control. Use environment variables or a secrets manager.

Key rotation

Rotate keys without downtime. The old key remains valid during a grace period so you can update your services gradually.

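rotate-key.js
// Rotate your service API key
// Read the service ID and current key from the environment (variable names are examples)
const serviceId = process.env.APISETTLE_SERVICE_ID
const currentKey = process.env.APISETTLE_API_KEY
const res = await fetch(
  `https://api.apisettle.com/v1/services/${serviceId}/key/rotate`,
  {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${currentKey}` },
  },
)
// Stop here on failure so a missing api_key is never treated as a new key
if (!res.ok) throw new Error(`Key rotation failed: HTTP ${res.status}`)
const { api_key } = await res.json()
// Both old and new keys work during the grace period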

Key reveal

Lost your key? Request a one-time reveal link sent to your account email. The link expires after use.

| Step | Endpoint |
| --- | --- |
| Request reveal link | POST /services/:id/key/reveal |
| Verify and get key | POST /services/:id/key/reveal/verify |