Authentication

Every request to the GriffNode API must include a secret API key. Keys are managed in your Dashboard.

LIVE
Production Key
sk_live_<48 hex chars>
Real transactions on mainnet. Keep this secret.
TEST
Sandbox Key
sk_test_<48 hex chars>
No real funds move. Safe to use during development.
Never expose your secret key. Do not include it in client-side code, browser JavaScript, version control, or any publicly accessible location. All API calls must be made server-side.

Making Authenticated Requests

Pass your key in the Authorization header using the Bearer scheme:

cURL
curl https://api.griffnode.com/v1/transactions/list \
  -H "Authorization: Bearer sk_live_a1b2c3d4e5f6..." \
  -H "Content-Type: application/json"

For language-specific examples (Node.js, Python, PHP, Go and more) see the GriffNode GitHub.

Security Checklist

Store keys in environment variables — never hardcode them
Add .env to your .gitignore before the first commit
Use sk_test_ during development, sk_live_ only in production
Rotate your live key immediately if it is ever exposed
Make every API call from your server — never from a browser or mobile client