API Keys
Learn how to perform authentication to access our APIs.
The StraitsX API allows generation and viewing of API key information through secured endpoints.
Securing your API Keys
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
X-XFERS-APP-API-KEY
Selecting the right app API key
A SG customer profile can only be created using the XSGD dashboard's APP API Key.
Likewise, an ID customer profile can only be created using the XIDR dashboard's APP API Key.
The app key is used to authenticate your business account.
Note that this key can be used to retrieve details specific to your account in some API endpoints.

StraitsX Business Dashboard > Dev Tools Tab
X-XFERS-APP-SECRET-KEY
The secret key is part of the Connect API which will be deprecated over time. The Customer Profile Flow will replace the Connect Flow. Read more →
The secret key is used during the Connect API process to generate the signature in the request body.
X-XFERS-USER-API-KEY / User API Token
The
user_api_token
is part of the Connect API which will be deprecated over time. The Customer Profile Flow will replace the Connect Flow. Read more →
The user api token or user key is used to initiate API calls specific to your account's users.
Creating a User API token
Creating a User API token is a special task that requires two requests.
curl --location --request POST 'https://sandbox.xfers.io/api/v3/authorize/signup_login' \
--header 'X-XFERS-APP-API-KEY: t4wsjxpwtk6o9tz20j4baj4ifwibin100py1vrvfsqh' \
--form 'phone_no="+65987654321"' \
--form 'signature="1292a784c0ebd0e1927e0028a975981a793fdd1c"'
curl --location --request POST 'https://www.xfers.io/api/v3/authorize/signup_login' \
--header 'X-XFERS-APP-API-KEY: {{APP_API_KEY}}' \
--form 'phone_no="{{USER_HP_NO}}"' \
--form 'signature="{{SIGNATURE}}"'
curl --location --request GET 'https://sandbox.xfers.io/api/v3/authorize/get_token' \
--header 'X-XFERS-APP-API-KEY: t4wsjxpwtk6o9tz20j4baj4ifwibin100py1vrvfsqh-Hc' \
--form 'otp="747156"' \
--form 'phone_no="65987654321"' \
--form 'signature="8ec34111f61f75c671a844e57c468b21d3b8de84"'
curl --location --request GET 'https://www.xfers.io/api/v3/authorize/get_token' \
--header 'X-XFERS-APP-API-KEY: {{APP_API_KEY}}' \
--form 'otp="{{USER_OTP}}"' \
--form 'phone_no="{{USER_HP_NO}}"' \
--form 'signature="{{SIGNATURE}}"'
Summary of API Keys
All accounts have an app key and secret key for production and live environment. User tokens are created when user account details are submitted.
Environment | API Key | Location |
---|---|---|
Sandbox | X-XFERS-APP-API-KEY X-XFERS-APP-SECRET-KEY | 1. StraitsX Business Dashboard(SG/ID) 2. Toggle to Sandbox Mode 3. Navigate to Dev Tools Tab |
Production | X-XFERS-APP-API-KEY X-XFERS-APP-SECRET-KEY | 1. StraitsX Business Dashboard(SG/ID) 2. Navigate to Dev Tools Tab |
Sandbox/Production | X-XFERS-USER-API-KEY | Retrieve from Get a user account token API |
Updated 9 months ago