Now that you have created an app, you are ready to use MetaKeep REST APIs. When you create a new app, a default API key is created for you that you can start using right after creating the app.

👍

Your private keys are never exposed

API keys allow you to start building your product without ever exposing your private keys.

In this article, we will go through the steps of creating and deleting API keys for an app on the MetaKeep Console. We also have a follow-along video tutorial below

Create a new API key

The console allows you to create multiple API keys and name them.

Step 1: Create a new API key and choose a name

Tap on the app, navigate to the API keys tab and tap the Create New Key button.

👍

Multiple keys are supported

You can create multiple new keys and assign them different names

👍

We never store the API keys

Full API Keys are never stored, only the first four characters will be shown after the API keys have been created. You can only view and copy the full API Key at the time of creation.

Step 2: Tap Save to save the new API key

Once you are ready, tap Save to add the API key to the app.

Delete API keys

The console allows you to delete API keys. You will want to delete API keys in case of personnel changes in engineering teams, or to disaster mitigate, in the event your company faces a data breach. It's also a good practice to rotate API keys every few months.

❗️

Rotate your API keys frequently

It's a good security practice to rotate API keys every 3 months or so.

Step 1: Tap the Trash icon

Tap on the app, navigate to the API keys tab, and tap the Trash icon next to the key you want to delete

Step 2: Tap Save to delete the API key

Once you are ready, tap Save to delete the API key.

Step 3: Delete all API keys to lock down the app

You can also delete all API keys to lock down the app. You will want to do this to deny all access to the enterprise wallet of your app.

👍

You enterprise wallet is still safe and secure

Deleting all API keys doesn't delete your enterprise wallet.

Enforce API Signatures

MetaKeep APIs support API Signature to ensure end-to-end security and data integrity. You can enforce that all API calls should be made by providing a valid API signature. Any API call without a valid signature will be rejected with a 401 error.

To enable this feature, turn on the Api Signature Required toggle in your app settings, and then click Save.

📘

API Signatures will be enforced for all API calls soon.

We recommend that you start using API signatures in your application to ensure that your application continues to work without any issues.

Congratulations! You now know how to manage API keys on the console

🎉🎉🎉🎉🎉🎉🎉🎉

Next Steps

In the following articles, we will look at end-user non-custodial wallets, and a lot more.