📗

Learn how to perform authentication to access our APIs.

The StraitsX API allows generation and viewing of API key information through secured endpoints.

🚧

Securing your API Keys

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

X-XFERS-APP-API-KEY

🚧

Selecting the right app API key

A SG customer profile can only be created using the XSGD dashboard's APP API Key.
Likewise, an ID customer profile can only be created using the XIDR dashboard's APP API Key.

The app key is used to authenticate your business account.
Note that this key can be used to retrieve details specific to your account in some API endpoints.

3664

StraitsX Business Dashboard > Dev Tools Tab

X-XFERS-APP-SECRET-KEY

❗️

The secret key is part of the Connect API which will be deprecated over time. The Customer Profile Flow will replace the Connect Flow. Read more →

The secret key is used during the Connect API process to generate the signature in the request body.

X-XFERS-USER-API-KEY / User API Token

❗️

The user_api_token is part of the Connect API which will be deprecated over time. The Customer Profile Flow will replace the Connect Flow. Read more →

The user api token or user key is used to initiate API calls specific to your account's users.

Creating a User API token

Creating a User API token is a special task that requires two requests.

curl --location --request POST 'https://sandbox.xfers.io/api/v3/authorize/signup_login' \
--header 'X-XFERS-APP-API-KEY: t4wsjxpwtk6o9tz20j4baj4ifwibin100py1vrvfsqh' \
--form 'phone_no="+65987654321"' \
--form 'signature="1292a784c0ebd0e1927e0028a975981a793fdd1c"'
curl --location --request POST 'https://www.xfers.io/api/v3/authorize/signup_login' \
--header 'X-XFERS-APP-API-KEY: {{APP_API_KEY}}' \
--form 'phone_no="{{USER_HP_NO}}"' \
--form 'signature="{{SIGNATURE}}"'

curl --location --request GET 'https://sandbox.xfers.io/api/v3/authorize/get_token' \
--header 'X-XFERS-APP-API-KEY: t4wsjxpwtk6o9tz20j4baj4ifwibin100py1vrvfsqh-Hc' \
--form 'otp="747156"' \
--form 'phone_no="65987654321"' \
--form 'signature="8ec34111f61f75c671a844e57c468b21d3b8de84"'
curl --location --request GET 'https://www.xfers.io/api/v3/authorize/get_token' \
--header 'X-XFERS-APP-API-KEY: {{APP_API_KEY}}' \
--form 'otp="{{USER_OTP}}"' \
--form 'phone_no="{{USER_HP_NO}}"' \
--form 'signature="{{SIGNATURE}}"'

Summary of API Keys

All accounts have an app key and secret key for production and live environment. User tokens are created when user account details are submitted.

EnvironmentAPI KeyLocation
SandboxX-XFERS-APP-API-KEY
X-XFERS-APP-SECRET-KEY
1. StraitsX Business Dashboard(SG/ID)
2. Toggle to Sandbox Mode
3. Navigate to Dev Tools Tab
ProductionX-XFERS-APP-API-KEY
X-XFERS-APP-SECRET-KEY
1. StraitsX Business Dashboard(SG/ID)
2. Navigate to Dev Tools Tab
Sandbox/ProductionX-XFERS-USER-API-KEYRetrieve from Get a user account token API

What’s Next