API Keys
The StraitsX API allows generation and viewing of API key information through secured endpoints. You can find your API keys on the StraitsX Dashboard Dev Tools page.
Securing your API Keys
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
X-XFERS-APP-API-KEY
The app key is used during the Connect API process to:
- Create an account
- Trigger OTP
- Retrieve a User API Token to initiate transfers for your user
Note that this key can be used to retrieve details specific to your account in some API endpoints.


StraitsX Business Dashboard > Dev Tools Tab
X-XFERS-APP-SECRET-KEY
The secret key is used during the Connect API process to generate the signature in the request body.


X-XFERS-USER-API-KEY / User API Token
Note that the user api token is used to initiate API calls specific to your account's users.
Creating a User API token
Creating a User API token is a special task that requires two requests.
curl --location --request POST 'https://sandbox.xfers.io/api/v3/authorize/signup_login' \
--header 'X-XFERS-APP-API-KEY: t4wsjxpwtk6o9tz20j4baj4ifwibin100py1vrvfsqh' \
--form 'phone_no="+65987654321"' \
--form 'signature="1292a784c0ebd0e1927e0028a975981a793fdd1c"'
curl --location --request POST 'https://www.xfers.io/api/v3/authorize/signup_login' \
--header 'X-XFERS-APP-API-KEY: {{APP_API_KEY}}' \
--form 'phone_no="{{USER_HP_NO}}"' \
--form 'signature="{{SIGNATURE}}"'
curl --location --request GET 'https://sandbox.xfers.io/api/v3/authorize/get_token' \
--header 'X-XFERS-APP-API-KEY: av2x85PgPJ3am93n3Dej7rQ8DN4SaRBX7nkyWyJq-Hc' \
--form 'otp="747156"' \
--form 'phone_no="+6590123456"' \
--form 'signature="8ec34111f61f75c671a844e57c468b21d3b8de84"'
curl --location --request GET 'https://www.xfers.io/api/v3/authorize/get_token' \
--header 'X-XFERS-APP-API-KEY: {{APP_API_KEY}}' \
--form 'otp="{{USER_OTP}}"' \
--form 'phone_no="{{USER_HP_NO}}"' \
--form 'signature="{{SIGNATURE}}"'
Summary of API Keys
All accounts have an app key and secret key for production and live environment. User tokens are created when user account details are submitted.
Environment | API Key | Location |
---|---|---|
Sandbox | X-XFERS-APP-API-KEY |
|
Production | X-XFERS-APP-API-KEY |
|
Sandbox/Production | X-XFERS-USER-API-KEY | Retrieve from Get a user account token API |
Don't see your API keys? Contact our Support team to generate a sandbox API key for testing.
Updated 10 days ago