Skip to main content
API keys authenticate your applications when making requests to Swig services. This guide walks you through creating an API key in the Developer Portal.

What API Keys Are Used For

API keys are required for:
  • Fetching policy details via the REST API
  • Creating Swig wallets programmatically
  • Accessing paymaster services for transaction sponsorship

Prerequisites

Before creating an API key, ensure you have:

Creating an API Key

Step 1: Navigate to API Keys

  1. Log in to the Developer Portal
  2. Select your project from the sidebar
  3. Click API Keys in the navigation menu

Step 2: Create New Key

  1. Click the Create API Key button
  2. Enter a name for your key (required, 1-100 characters)
    • Use descriptive names like production-backend or dev-testing
  3. Optionally set an expiration date
    • Leave empty for keys that never expire
  4. Click Create

Step 3: Copy Your Key

Important: Your API key is only shown once. Copy it immediately and store it securely. You will not be able to view the full key again.
After creation, the portal displays your full API key. Copy it and store it in a secure location such as:
  • Environment variables
  • A secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.)
  • Your CI/CD platform’s secret storage

API Key Format

Swig API keys follow this format: 
sk_<64-hexadecimal-characters>
Example: 
sk_a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef12345678
The sk_ prefix identifies it as a Swig API key.

Subscription Limits

API key limits depend on your subscription tier:
TierAPI Keys Allowed
Free1
PaidUnlimited
Need more API keys? Upgrade your subscription in the portal’s billing section.

Using Your API Key

In HTTP Requests

Include your API key in the Authorization header: 
curl -X GET "https://dashboard.onswig.com/api/v1/policies/{policyId}" \
  -H "Authorization: Bearer sk_your_api_key"

With the SDK

Pass your API key when initializing the client: 
import { SwigApiClient } from '@swig-wallet/api';

const client = new SwigApiClient({
  apiKey: process.env.SWIG_API_KEY,
  portalUrl: 'https://dashboard.onswig.com',
});

Best Practices

Security

  • Never commit API keys to version control
  • Use environment variables to store keys in your application
  • Rotate keys periodically, especially if you suspect compromise
  • Use separate keys for development and production environments

Naming Conventions

Use descriptive names that indicate:
  • The environment (dev-, staging-, prod-)
  • The service or application using the key
  • The purpose (backend-api, mobile-app, testing)
Examples:
  • prod-backend-service
  • dev-local-testing
  • staging-mobile-app

Expiration

Consider setting expiration dates for:
  • Temporary access (contractors, testing)
  • Compliance requirements
  • Regular rotation schedules

Managing API Keys

Viewing Keys

The API Keys page shows all your keys with:
  • Name
  • Creation date
  • Expiration date (if set)
  • Usage count
  • Last used timestamp

Deleting Keys

To revoke an API key:
  1. Find the key in the API Keys table
  2. Click the Delete action
  3. Confirm deletion
Deleting an API key immediately invalidates it. Any applications using that key will lose access.

Next Steps

Now that you have an API key, you can: