Skip to content

Developer Documentation

Authentication

The API supports two methods of authentication. All requests must be made over HTTPS.

Bearer Token (User Context)

Used by frontend clients or services acting on behalf of a specific user. The token is a JWT obtained from the main Arybit authentication service.

Authorization: Bearer <your_jwt_token>

API Key (Server-to-Server)

Used for backend integrations, bots, and automated processes where a user is not directly involved. The key is passed in the `N-API-Key` header.

N-API-Key: nk_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6

API Key Management

List API Keys

GET /v1/auth/keys

Retrieve a list of all active API keys associated with your account.

Query Parameters
Request Body
{}
Body Parameters
Test Request
Response
{
  "status": "success",
  "data": [
    {
      "key_id": 42,
      "description": "Billing Server",
      "permissions": "[\"read\",\"write\"]",
      "last_used_at": null,
      "created_at": "2025-10-26 10:00:00"
    }
  ]
}

Create API Key

POST /v1/auth/keys

Generate a new API key. The key is only shown once upon creation.

Request Body
{
  "description": "My Production Server",
  "permissions": ["read", "write:payments"]
}
Body Parameters
  • description (string, optional): A human-readable description for the key. Defaults to 'API Key'.
  • permissions (array of strings, optional): A list of permissions for the key (e.g., "read", "write:payments"). Defaults to `["read"]`.
Test Request
Response
{
  "status": "success",
  "message": "API Key created. Save it now, it will not be shown again.",
  "api_key": "nk_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6",
  "key_id": 101
}

Revoke API Key

DELETE /v1/auth/keys

Permanently revoke an API key by its ID.

Request Body
{
  "key_id": 101
}
Body Parameters
  • key_id (integer, required): The unique identifier of the API key to revoke.
Test Request
Response
{
  "status": "success",
  "message": "Key revoked"
}