Circle APIs: API Keys
Get the API keys you need to authenticate client requests—and learn how to keep them safe.
API keys are unique data strings used to authenticate a user and enable access to privileged operations on Circle APIs. All Circle APIs use API keys as the mechanism to authenticate client requests. Your API key should be kept confidential and secure at all times.
- Authentication is required for all API requests; without it, the requests will fail.
- All API requests must be made over HTTPS.
Keep Your API Keys Safe
Because our API keys allow access to privileged operations on Circle APIs, you must keep them secure at all times.
- Ensure your API key is always stored securely.
- Never share it or record it in a publicly accessible medium (client-side code, public repositories, etc.).
Get API keys on sandbox
Use our sandbox environment to learn and try out the Circle API request and response formats, build prototypes, and write your integration code.
To obtain the API key, visit the “Developer” section in sandbox and click “get new API key.” Set the key in the Authorization header of the request you send from your backend server. Use the header format:
Bearer YOUR_API_KEY
.
Get API keys for production
When you’re ready to move into production, you’ll need production API keys. You can get them by applying for a Circle Account Circle Account and requesting your API keys.
IP Access List in Production Environment
As a further safety measure to avoid fraud, your company’s IP addresses must be placed on our IP access list. Please contact your Circle account manager to add your IPs to our allowlist.
Updated 15 days ago