To generate keys, you must have:
- Sign in to Qredo Web App and generate API keys for API user authentication.
- Generate RSA API sign keys to authorize and sign API requests.
- In the Qredo Web App, add the public RSA key created.
You must never use API keys in the frontend of your application or malicious users could discover them in your source code. You should only use them on your server. You must never embed API keys in your backend code as this increases the risk of discovery.
API keys for authentication¶
The Qredo API keys are Base64-encoded and are used for API user access. There are two types of Qredo authentication API keys:
- Production keys: use these for live action with the Partner API.
- Sandbox keys: use these to test your integration with the Partner API.
Sandbox vs. Production keys
Sandbox and production keys are used in the same environment. There is no difference regarding their use with the API: the base URL and all endpoints are the same.
Generate API keys in Qredo Web App¶
Sign into the Qredo Web App.
In the top right corner, click on your name, select the Account type you need, and click Settings.
Switching accounts is described in greater detail here.
From the tabs, select Partner API to display the following screen:
Click Generate API Key.
Click Copy to clipboard. This copies the Base64-encoded authentication key for the environment to your clipboard.
Paste the key into a text file and save it as
apikey(no file extension). You will use this file with the Partner API Signing Client.
Regenerate keys if needed
If you lose or forget to copy the API key, complete the procedure again to regenerate the API key.
Keep your keys safe!
- DO NOT share your keys with unauthorized parties.
- DO NOT store your keys in easily accessible or compromizable locations.
RSA keys for signing¶
The API requires RSA key pairs for authorizing and signing requests.
- The Qredo server verifies the signature against the public RSA API key.
- The private RSA API key signs the requests.
Generate RSA keys using the CLI¶
The following example uses the CLI (Command Line Interface) for generating the RSA key pair, but you can use any preferred tool to perform this task. The Qredo Partner API works with 2048-bit RSA keys.
Generate a 2048-bit RSA key pair and store the private key in a file named
private.pemusing the CLI command:
openssl genrsa -out private.pem 2048
You should see the following message:
Generating RSA private key, 2048-bit long modulus...
Some versions of OpenSSL may require an additional argument. For OpenSSL 3.0.7 (20021101), also pass -
bash openssl genrsa -traditional -out private.pem 2048
Extract the public key from the key pair and store it in a file named
public.pemusing the command:
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
You should see the following message:
writing RSA key
The key pair files
public.pem are created in the current working folder.
- Private key: you will use to sign, encrypt, and authorize API calls. This is detailed in the next topic, Sign API calls.
- Public key: you will add to your Qredo Wallet Web App account after obtaining API access.
Upload public RSA key to Qredo Web App¶
You need to associate the RSA key pair to your Qredo account by adding your public RSA keys using the Qredo Web App.
To complete this procedure, return to the Partner API page in the Web App:
Sign in to the Qredo Web App.
In the top right corner, click on your name and open Settings for the required account.
Select Upload Public Key to open a dialog box.
public.pemRSA key file you created earlier and open it using a text editor.
Copy the entire contents and paste into the dialog box.
Success: a green
Note, more recent versions of the Web App support just one key type. Use the key in Production and/or the Sandbox environments according to your need.
Next, understand how to authenticate and authorize API calls.