Authentication

The Opsion API uses API keys for authentication. All requests must include a valid key in theAuthorization header.

API Keys

Generate API keys from Settings → API Keys in the console. Keys are shown once at creation time — store them securely in an environment variable or secrets manager.

⚠

Keep keys secret

Never commit API keys to source control or expose them in client-side code. Use environment variables or a secrets manager such as AWS Secrets Manager, HashiCorp Vault, or Doppler.

Making requests

Pass your API key as a Bearer token in the Authorization header:

bash

curl https://api.opsion.xyz/v1/wallets \
  -H "Authorization: Bearer ops_live_xxxxxxxxxxxxxxxxxxxx"

typescript

const res = await fetch('https://api.opsion.xyz/v1/wallets', {
  headers: {
    Authorization: `Bearer ${process.env.OPSION_API_KEY}`,
    'Content-Type': 'application/json',
  },
})
const data = await res.json()

Key scopes

Each API key can be scoped to limit what it can access. Available scopes:

Scope	Description
`wallets:read`	List and retrieve wallets
`wallets:write`	Create, update, and delete wallets
`alerts:read`	List and retrieve alert rules and events
`alerts:write`	Create, update, and delete alert rules
`webhooks:write`	Manage webhook endpoints
`audit:read`	Export audit logs (compliance)

Rotating keys

You can rotate a key from the console without downtime by creating a new key, updating your application to use it, then revoking the old key. Old keys are revoked immediately upon deletion.