Skip to content

API keys

TL:DR

  • Administrators create and configure API keys
  • Keys can provide access at different levels:
    • Account level (Personal or Organizational)
    • Wallet / Vault
  • API keys make up part of your custody layer

Overview

Supported in Prerequisites
v1 requirements

API keys may be provided to trusted parties to allow them to engage with your Organization, Funds, and Wallets. Individual API keys may be configured to enable granular control over the access rights they confer.

API key control

There are several layers of control afforded to API keys:

  • Permissions assigned the key.

See generate keys for further information.

  • The Entity the key applies to.

Assign permissions from the Organizational perspective or, if there are multiple Wallets, at the Wallet level:

granular api key control

Administrators and the Qredo API

Personal and Organization accounts are separated

This means that you can't view the Organization's assets, Funds, and Wallets using a Personal account API key and secret pair; and vice-versa.

In your Organization, only accounts with the Administrator role have set up access to the Qredo API v1. This means that only an Administrator can:

  • Create/delete the Organization API key & API secret pairs
  • Set permissions of API keys
  • Access API key and secret pairs to share with a trusted party

Since an Organization can have multiple Administrators, each can generate an API key and secret pair for their individual use, or for use by trusted parties under their domain.

Any Organization member with API key and secret can access the Qredo API v1

Regardless of their role, any member of an Organization with an API key and API secret can access the Organizational data. It is up to an Organization Administrator to communicate a relevant key and secret pair to another member of the Organization. Use secure channels only!


Last update: 2022-11-23