API keys
All v1 endpoints require an API key in the x-api-key header.
Creating API keys
- Sign in to the AFKCrypto dashboard
- Go to the API Keys section
- Click “Generate API Key”
- Give your key a descriptive name
- Optional: set an expiration (7 days, 30 days, 90 days, 180 days, or 1 year)
- Copy the key immediately — it will not be shown again
Key format
- Prefix: 4-character identifier for quick lookup
- Random: 32-character cryptographically secure random string
Using API keys
Include the key with every request in the x-api-key header:
Security best practices
- Never commit API keys to version control — use environment variables
- Rotate keys regularly — set expiration for temporary access
- Use separate keys per environment — dev, staging, production
- Revoke unused keys immediately — reduce attack surface
- Store securely — use a secrets manager (for example, AWS Secrets Manager or HashiCorp Vault)
Key expiration
API keys can optionally expire after a specified period:
- Never expires (default): works until revoked
- 7 days: short-term testing or demos
- 30 days: contractor access or trials
- 90 days: recommended for quarterly rotation
- 180 days: semi-annual rotation
- 1 year: annual rotation for stable integrations
- Requests with an expired key return HTTP 401 UNAUTHORIZED
- The key remains visible in the dashboard for audit history
- Create a new key to replace it as needed
- Dashboard labels keys as “Expired” or “Expiring soon” (≤ 7 days)
- Configure alerts to avoid interruptions
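The following client-side sketch is an added example, not AFKCrypto's own code. It combines the x-api-key header, the environment-variable advice, and the 401 and "Expiring soon" behaviour described above. The variable name AFKCRYPTO_API_KEY, the placeholder base URL, the idea that the prefix is the first four characters of the key, and the operator recording each key's expiry date are assumptions.

```python
import os
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

API_KEY_ENV = "AFKCRYPTO_API_KEY"            # assumed variable name
BASE_URL = "https://api.example.invalid/v1"  # placeholder base URL


class KeyRejected(Exception):
    """Raised on HTTP 401: the key is expired, revoked, or wrong."""


def load_key(env=os.environ):
    """Read the key from the environment so it never lives in source control."""
    key = env.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    return key


def redact(key):
    """Safe form for logs: the 4-character prefix only (assumed to lead the key)."""
    return key[:4] + "****"


def build_request(path, key):
    """Attach the key in the x-api-key header, as every v1 endpoint requires."""
    return urllib.request.Request(BASE_URL + path, headers={"x-api-key": key})


def call(path, key, opener=urllib.request.urlopen):
    """Send the request; turn a 401 into an error that names only the prefix."""
    try:
        with opener(build_request(path, key), timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise KeyRejected(f"key {redact(key)} rejected; rotate it") from None
        raise


def expiring_soon(expires_at, now=None, window_days=7):
    """True once a key is within the dashboard's 'Expiring soon' window (<= 7 days)."""
    now = now or datetime.now(timezone.utc)
    return expires_at - now <= timedelta(days=window_days)
```

Running `expiring_soon` from a scheduled job against the recorded expiry date gives an alert before requests start returning 401.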
Key limits
- Maximum active keys: 10 per user
- Rate limits apply; see Rate limiting
- Revoke unused keys to stay under the limit
Revoking API keys
Revoke a key immediately in the dashboard:
- Open API Keys
- Find the key to revoke
- Click “Revoke Key”
- Confirm the action