keyAuth

All API requests require authentication using an API key.

Authentication is performed using a Bearer token in the Authorization header.


API Key

Each account can generate one or more API keys from the dashboard.

API keys are:

  • Unique per account

  • Scoped to the account that created them

  • Used for rate limiting

Keys should be stored securely and never exposed in client-side applications.


Authorization Header

All requests must include:

Authorization: Bearer YOUR_API_KEY

Example:

curl -X GET https://aurex.cash/api/dashboard/users/{userId} \
  -H "Authorization: Bearer YOUR_API_KEY"

Requests without a valid API key will return:

  • HTTP 401

  • Standard error response format


Invalid API Key

If the API key is:

  • Missing

  • Incorrect

  • Revoked

  • Malformed

The API will return:


Multiple API Keys

An account may generate multiple API keys.

Each key:

  • Shares the same account balance

  • Has independent rate limiting

  • Can be revoked individually

This allows separation between environments or services.


Key Rotation

If a key is compromised:

  1. Generate a new API key.

  2. Update your integration.

  3. Revoke the old key.

Revoked keys immediately lose access to all endpoints.


Security Recommendations

  • Store API keys in secure server environments only

  • Do not embed API keys in frontend code

  • Do not commit keys to public repositories

  • Rotate keys periodically

API keys provide full access to account resources. Anyone with access to the key can create users, issue cards, and move funds.
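A server-side way to follow these recommendations, shown as an added example that is not part of the API's own documentation or code. The key is read from an environment variable (the name AUREX_API_KEY is an assumption), sent only in the Authorization header, and an HTTP 401 is reported with a key fingerprint rather than the key itself.

```python
import hashlib
import os
import urllib.error
import urllib.request

ENV_VAR = "AUREX_API_KEY"  # assumed variable name; the docs do not define one


class ApiKeyError(RuntimeError):
    """The key is missing or malformed locally, or the API answered HTTP 401."""


def load_api_key(environ=os.environ):
    """Read the key from the server environment, never from source code."""
    key = environ.get(ENV_VAR, "")
    if not key:
        raise ApiKeyError(f"{ENV_VAR} is not set")
    if any(c.isspace() or ord(c) < 32 for c in key):
        # Whitespace or control characters would corrupt the header line.
        raise ApiKeyError(f"{ENV_VAR} contains whitespace or control characters")
    return key


def fingerprint(key):
    """Short SHA-256 prefix: identifies a key in logs without revealing it."""
    return hashlib.sha256(key.encode()).hexdigest()[:8]


def build_request(url, key):
    """Attach the key as a Bearer token in the Authorization header."""
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {key}"}, method="GET")


def fetch(url, environ=os.environ, opener=urllib.request.urlopen):
    """GET url with the Bearer key; a 401 becomes ApiKeyError without the key."""
    key = load_api_key(environ)
    try:
        with opener(build_request(url, key), timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            # Missing, incorrect, revoked or malformed key: retrying will not help.
            raise ApiKeyError(
                f"key sha256:{fingerprint(key)} rejected (HTTP 401); "
                f"rotate it and update {ENV_VAR}") from None
        raise
```

During rotation, the fingerprint in the error message shows which deployed key was rejected, so a service still holding the revoked key can be found from its logs without the key ever being written to them.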
