Authentication

The Linka API uses API Keys to authenticate requests. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

API Key Types

We provide two sets of keys for your account:

  1. Test Keys: Use these for development and testing. No real money or on-chain assets are moved.
    • Format: sk_test_...
  2. Live Keys: Use these for your production environment. These move real assets.
    • Format: sk_live_...

Authenticating Requests

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must include your secret API key in the Authorization header using the Bearer scheme.

# Example authentication header
Authorization: Bearer sk_live_your_secret_key_here

cURL Example

curl https://api.linka.xyz/v1/wallets \
  -H "Authorization: Bearer sk_live_123456789"

Restricting API Keys (IP Whitelisting)

For added security, we highly recommend whitelisting the IP addresses of your servers. You can configure this in your Linka Dashboard.

  • Static IPs: Recommended for production servers.
  • CIDR Ranges: Supported for larger infrastructure.

Security Best Practices

  • Never commit keys: Use environment variables or a secret management service (Vault, AWS Secrets Manager).
  • Rotate keys regularly: We recommend rotating your production keys every 90 days.
  • Monitor usage: Check your dashboard regularly for any unexpected API activity.
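
The following is an added example, not Linka's own tooling: a shell wrapper that reads the key from the environment, checks it against the `sk_test_`/`sk_live_` formats above, and hands it to curl through a config on stdin so it never appears in the command line. `LINKA_API_KEY` and `LINKA_ENV` are hypothetical variable names, and the key character set is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not Linka's own tooling.
# Assumptions: LINKA_API_KEY and LINKA_ENV are hypothetical variable names;
# keys are assumed to contain only letters, digits and underscores.

# Classify a key by the documented prefixes; non-zero status if malformed.
linka_key_type() {
  case "$1" in
    *[!A-Za-z0-9_]*) return 1 ;;   # also keeps quotes out of the curl config
    sk_test_?*) echo test ;;
    sk_live_?*) echo live ;;
    *) return 1 ;;
  esac
}

# Print a curl config for the request. Feeding it to `curl --config -`
# keeps the key out of argv and process listings.
linka_curl_config() {
  local url="$1" key="${LINKA_API_KEY:-}" kind
  case "$url" in
    https://?*) ;;
    *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
  esac
  kind=$(linka_key_type "$key") || {
    echo "LINKA_API_KEY is unset or not an sk_test_/sk_live_ key" >&2; return 3; }
  if [ "$kind" = live ] && [ "${LINKA_ENV:-}" != production ]; then
    echo "live key used outside production (LINKA_ENV=${LINKA_ENV:-unset})" >&2
    return 4
  fi
  printf 'url = "%s"\n' "$url"
  printf 'header = "Authorization: Bearer %s"\n' "$key"
  printf 'proto = "=https"\n'   # never fall back to plain HTTP
  printf 'fail\n'               # HTTP 4xx/5xx responses give a non-zero exit
}

# Perform an authenticated GET, e.g. linka_get https://api.linka.xyz/v1/wallets
linka_get() {
  local cfg
  cfg=$(linka_curl_config "$1") || return
  printf '%s\n' "$cfg" | curl --silent --show-error --config -
}
```

Populate `LINKA_API_KEY` from your secret manager at process start rather than from a file in the repository.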

Role-Based Access Control (RBAC)

For larger teams, you can create restricted API keys that only have access to specific resources (e.g., a key that can only view wallet balances but cannot initiate payments).

Tip: If you suspect an API key has been compromised, you can revoke it immediately from the dashboard and generate a new one.
