OneBalance uses API keys to authenticate all requests. You must include your API key in the x-api-key header with every request to access the API.

Get your API key

Testing and development

Start building immediately with our public testing key. This key has limited functionality but lets you explore the API without setup.

Public testing key: 42bb629272001ee1163ca0dbbbc07bcbb0ef57a57baf16c4b1d4672db4562c11

This key works for all endpoints and has rate limits suitable for development.

Production access

Get a production API key with full access and custom configuration for your project.

1

Contact our team

Email support@onebalance.io with your API key request.

2

Provide project details

Include this information in your request:

  • Company name and project name
  • Use case description - what you’re building
  • Expected volume - transactions per day/month
  • Preferred chains - which networks you plan to use (see supported networks)
  • Asset preferences - which tokens you need access to

The more details you provide, the faster we can configure your key with the right permissions.

3

Receive your key

Our team will generate your custom API key and send it to you, typically within 24 hours.

You’ll receive your production key via email along with any specific configuration details.

We’re building self-service API key generation to make this process instant. Stay tuned for updates!

Make authenticated requests

Include your API key in the x-api-key header with every request:

curl -X GET 'https://be.onebalance.io/api/assets/list' \
  -H 'x-api-key: YOUR_API_KEY'

Replace YOUR_API_KEY with your actual key. For testing, use the public key: 42bb629272001ee1163ca0dbbbc07bcbb0ef57a57baf16c4b1d4672db4562c11

Security requirements

Keep your production API key secure. Never expose it in client-side code, public repositories, or logs.

Follow these security practices:

  • Use HTTPS only - All requests must use HTTPS. HTTP requests will fail
  • Store keys securely - Use environment variables or secure key management
  • Rotate keys regularly - Contact support to rotate compromised keys
  • Monitor usage - Watch for unexpected API calls that might indicate misuse

Troubleshooting

Common authentication errors

401 Unauthorized

  • Check that you’re including the x-api-key header
  • Verify your API key is correct and not expired
  • Ensure you’re making requests over HTTPS

403 Forbidden

  • Your key may not have permission for this endpoint
  • Contact support if you need additional access

Rate limited

  • You’re exceeding your key’s rate limits
  • Implement exponential backoff in your retry logic
  • Contact support for higher limits if needed

Need help? Contact support@onebalance.io for assistance with authentication issues.