API Keys
All API requests are authenticated with an API key. Generate one from the mag3nt dashboard, then include it in every request:
Authorization: Bearer mag3nt_live_your_api_key_here
Using with the SDK
import { Mag3nt } from "@mag3nt/sdk";
const mag3nt = new Mag3nt({
serverURL: "https://mag3nt.com",
security: {
bearerAuth: process.env.MAG3NT_API_KEY,
},
});
Managing keys
// Generate a new key
const key = await mag3nt.keys.keysCreate();
console.log(key.apiKey);
// ⚠️ Store securely:shown only once
// List active keys
const keys = await mag3nt.keys.keysList();
// Revoke a compromised key
await mag3nt.keys.keysRevoke(keyHash);
// Validate a key is working
const check = await mag3nt.keys.keysValidate();
console.log(check.valid); // true
Best practices
Never expose API keys in client-side code. API keys grant full access to your treasury. Use them only in server-side code or secure agent environments.
- Use environment variables:never hardcode keys in source
- One key per agent:if an agent is compromised, revoke only its key
- Rotate regularly:generate new keys and revoke old ones
Public endpoints
These endpoints require no authentication:
| Endpoint | Description |
|---|
statusGet | Platform health |
statusGetConfig | Treasury addresses and configuration |
fundingListTokens | Supported tokens per network |
payLinksGet | Public pay link details |
payLinksResolve | Resolve pay link for payment |
payLinksPrepare | Prepare payment for a pay link |
payLinksSettle | Submit on-chain payment proof |