Authentication
Every request to the GriffNode API must include a secret API key. Keys are managed in your Dashboard.
LIVE
Production Key
sk_live_<48 hex chars>
Real transactions on mainnet. Keep this secret.
TEST
Sandbox Key
sk_test_<48 hex chars>
No real funds move. Safe to use during development.
Never expose your secret key. Do not include it in client-side code, browser JavaScript, version control, or any publicly accessible location. All API calls must be made server-side.
Making Authenticated Requests
Pass your key in the Authorization header using the Bearer scheme:
cURL
curl https://api.griffnode.com/v1/transactions/list \
-H "Authorization: Bearer sk_live_a1b2c3d4e5f6..." \
-H "Content-Type: application/json"
For language-specific examples (Node.js, Python, PHP, Go and more) see the GriffNode GitHub.
Security Checklist
Store keys in environment variables — never hardcode them
Add
.env to your .gitignore before the first commit Use
sk_test_ during development, sk_live_ only in production Rotate your live key immediately if it is ever exposed
Make every API call from your server — never from a browser or mobile client