Skip to main content

API Key Usage

All API requests must include your API key in the Authorization header as a Bearer token.

Required Header

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
Replace YOUR_API_KEY with the key generated from your OpenXSwitch Console.

API Key Setup

  1. Navigate to Accounts → API Management in the OpenXSwitch Console
  2. Click Create API Key
  3. Select required permissions (e.g. wallet, withdrawal, trading, read access)
  4. (Optional but recommended) Enable IP Restrictions
    • Add up to 5 trusted IP addresses
    • Requests from other IPs will be rejected
  5. Click Generate API Key
⚠️ API Management is restricted to Owner and Admin roles only.

Smart Account Authentication

For smart account operations (e.g. wallet creation and transfers), some endpoints require an additional header for execution context. Learn more
x-wallet-secret: YOUR_WALLET_SECRET

Example Requests

  1. Create Sub-wallet
    Create sub-wallet using an authenticated API request.
Request
curl -X POST "https://api.openxswitch.com/v1/sub-wallet/create" \  
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "email": "admin@openxswitch.com",
  "name": "openxswitch"
}'
  1. Generate Wallet Address
    Generate or fetch wallet address using an authenticated API request.
curl -X POST "https://api.openxswitch.com/v1/sub-wallet/address" \  
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "subWalletId": "3224333.....",
  "coin": "ETH",
  "chain": "ETH"
}'
📘 For further details on API permission, refer to the API permissions documentation

Security Best Practices

  • Keep Your API Key Secret: Never share your API key in public code or repositories.
  • Use IP Restrictions: Limit API access to specific trusted IPs.
  • Grant Minimum Necessary Permissions: Select only the required access rights for your API key (e.g., withdrawal, trade, wallet management) to minimize security risks.
  • Rotate API Keys Regularly: To reduce the risk of compromised credentials.
  • Monitor API Usage: Regularly review API logs and activity to detect any unauthorized access or unusual behavior.