API Keys

API keys serve as a form of identification, authentication, and authorization to control access and monitor interactions with APIs, ensuring that only authorized users and applications can perform specific actions on various services and resources.

API keys are scoped to a user account. When you delete a user's account, its API keys are immediately revoked as well. API keys can be granted access to groups up to the limit of the groups that its related user has access to.

Create API Key

To generate an API key:

  1. In the navigation bar, go to Admin then API Keys , or to limit the scope to your API keys, the user icon and then My API Keys .
  2. Click the New Key button.


  1. Enter a descriptive name for the key that reflects its intended use. Choose Groups that can use the key and click on Create Key .

Alternatively, select Use this key as a public Web3 key. This is only applicable to the Curvegrid Test Network, and provides an endpoint and API key suitable for configuring a web3 wallet such as MetaMask, or third party web3 tooling such as Hardhat.


⚠️ Please note that API keys are sensitive information, and for security reasons, they are not visible after creation. If you lose or forget your API key, you will need to generate a new one.


Revoke API Key

To revoke (delete) an API key, click on the trash bin icon next to the key you want to revoke. Confirm your decision in the popup dialog. Note: This action is permanent and cannot be undone.


Edit API Key

To edit the name of an API key, click on the pencil icon next to the key's name, make your changes, and confirm.


Using API Keys

To use an API key, include it as a bearer token in the Authorization header of your HTTP requests to MultiBaas. Here is a sample curl command illustrating the use of an API key:

curl -X POST 'https://your-deployment.multibaas.com/api/v1/contract' \
     -H 'Content-Type: application/json' \
     -H 'Authorization: Bearer ${YOUR_API_KEY}' \
     -d '{...}'

Replace ${YOUR_API_KEY} with your actual API key, and your-deployment.multibaas.com with your MultiBaas deployment URL.

Security Considerations

  • Treat API keys just like passwords. They should never be shared or exposed in public repositories, logs, or other insecure locations. One exception is DApp User API keys that you might embed into your frontend code to have it work with MultiBaas directly.
  • Use a separate API key for each integration to better manage access and control.
  • Regularly review and revoke API keys that are no longer needed to minimize security risks.
Copyright © Curvegrid 2022. All right reserved.