Skip to main content

API keys

API keys authenticate requests to the Prudra API. Each organisation has separate test and live keys.

Key formats

FormatEnvironmentExample
prv_test_sk_...Test (sandbox)prv_test_sk_abc123...
prv_live_sk_...Live (production)prv_live_sk_abc123...
Test keys use testnet RPC and simulated payments. Live keys use mainnet and process real transactions. Never use live keys in development.

Create an API key

Go to Settings → API Keys and click Create key.

List API keys

curl https://api.prudra.dev/organisations/current/api-keys \
  -H "Authorization: Bearer prv_test_sk_..."
API key values are not included in list responses — only IDs and metadata.

Revoke an API key

curl -X DELETE https://api.prudra.dev/organisations/current/api-keys/key_clx1abc123 \
  -H "Authorization: Bearer prv_test_sk_..."
Revocation takes effect immediately. Any server using the revoked key will start receiving 401 errors. Issue a new key before revoking the old one.

Best practices

  • Store keys in environment variables, never in code
  • Use separate keys per deployment (staging vs production)
  • Rotate keys regularly — create new, update servers, revoke old
  • Revoke keys immediately if they may have been exposed