API Keys Management

Generate, manage, and secure API keys for accessing Looping Binary's services programmatically.

What are API Keys?

API keys are credentials, protected with SHA-256 hashing, that allow secure server-to-server communication with Looping Binary's services. They enable you to manage users, mint coins, and perform administrative operations programmatically.

Key Features

SHA-256 Hashing

All keys are protected with SHA-256 hashing

Permission Scopes

Granular permissions: read, write, and admin access levels

Usage Tracking

Monitor API key usage with timestamps and request logs

Instant Revocation

Revoke or delete keys immediately when needed

Permission Levels

READ

Read Access

  • View user information
  • Check coin balances
  • View transaction history
  • Get treasury balances

WRITE

Write Access

  • All READ permissions
  • Transfer coins between users
  • Create new users
  • Update user profiles

ADMIN

Admin Access

  • All WRITE permissions
  • Mint new coins
  • Burn coins from wallets
  • Manage treasuries
  • Delete users
  • Generate new API keys

Creating an API Key

Generate a new API key with specified permissions:

POST /api/admin/api-keys
JavaScript
fetch('https://api.loopingbinary.com/api/admin/api-keys', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer ' + adminToken
  },
  body: JSON.stringify({
    name: 'Production API Key',
    permissions: ['read', 'write', 'admin']
  })
})

Response Example:

{
  "message": "API key created successfully",
  "apiKey": {
    "id": "key_abc123xyz",
    "name": "Production API Key",
    "key": "lb_live_1234567890abcdef",
    "permissions": ["read", "write", "admin"],
    "createdAt": "2025-10-02T19:00:00Z"
  }
}

Important: Save Your Key

The API key is only shown once during creation. Store it securely in your environment variables. You won't be able to retrieve it again.

Listing API Keys

Retrieve all API keys associated with your account:

GET /api/admin/api-keys
JavaScript
fetch('https://api.loopingbinary.com/api/admin/api-keys', {
  headers: {
    'Authorization': 'Bearer ' + adminToken
  }
})

Response Example:

{
  "apiKeys": [
    {
      "id": "key_abc123xyz",
      "name": "Production API Key",
      "permissions": ["read", "write", "admin"],
      "lastUsed": "2025-10-02T18:30:00Z",
      "createdAt": "2025-10-01T10:00:00Z"
    },
    {
      "id": "key_def456uvw",
      "name": "Development Key",
      "permissions": ["read"],
      "lastUsed": null,
      "createdAt": "2025-09-28T14:20:00Z"
    }
  ]
}

Revoking an API Key

Permanently delete an API key:

DELETE /api/admin/api-keys/:id
JavaScript
fetch('https://api.loopingbinary.com/api/admin/api-keys/key_abc123xyz', {
  method: 'DELETE',
  headers: {
    'Authorization': 'Bearer ' + adminToken
  }
})

Using API Keys in Requests

Include your API key in the x-api-key header:

JavaScript
fetch('https://api.loopingbinary.com/api/admin/users', {
  headers: {
    'x-api-key': 'lb_live_1234567890abcdef',
    'Authorization': 'Bearer ' + token
  }
})

Security Best Practices

  • Never commit API keys to version control (use .env files)
  • Rotate keys regularly (every 90 days recommended)
  • Use separate keys for development and production
  • Grant minimum required permissions (principle of least privilege)
  • Monitor API key usage for suspicious activity
  • Revoke keys immediately if compromised
  • Never share API keys via email or messaging apps
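
The rotation, least-privilege and usage-monitoring practices above can be checked against the list response from GET /api/admin/api-keys. The following is an added example, not Looping Binary's own code: auditApiKeys and its issue labels are hypothetical, and the sample keys are constructed in the shape of the list response shown earlier.

```javascript
// Added example: audit the "apiKeys" array returned by GET /api/admin/api-keys
// against the practices listed above. Sample data below is constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// auditApiKeys is a hypothetical helper, not part of any Looping Binary SDK.
function auditApiKeys(apiKeys, now = new Date(), maxAgeDays = 90) {
  const findings = [];
  for (const key of apiKeys) {
    const created = Date.parse(key.createdAt);
    if (Number.isNaN(created)) {
      // Without a valid creation date the key's age cannot be assessed.
      findings.push({ id: key.id, issue: 'invalid-createdAt' });
      continue;
    }
    const ageDays = Math.floor((now.getTime() - created) / DAY_MS);
    // Rotation: the page recommends rotating keys every 90 days.
    if (ageDays > maxAgeDays) {
      findings.push({ id: key.id, issue: 'rotation-overdue', ageDays });
    }
    // A key that has never been used is a candidate for revocation.
    if (key.lastUsed === null || key.lastUsed === undefined) {
      findings.push({ id: key.id, issue: 'never-used', ageDays });
    }
    // Least privilege: ADMIN can mint, burn, delete users and create keys.
    if ((key.permissions || []).includes('admin')) {
      findings.push({ id: key.id, issue: 'admin-scope-review' });
    }
  }
  return findings;
}

// Constructed sample in the shape of the list response shown earlier.
const sampleKeys = [
  { id: 'key_abc123xyz', name: 'Production API Key',
    permissions: ['read', 'write', 'admin'],
    lastUsed: '2025-10-02T18:30:00Z', createdAt: '2025-06-01T10:00:00Z' },
  { id: 'key_def456uvw', name: 'Development Key',
    permissions: ['read'],
    lastUsed: null, createdAt: '2025-09-28T14:20:00Z' },
];

const report = auditApiKeys(sampleKeys, new Date('2025-10-02T19:00:00Z'));
for (const f of report) console.log(`${f.id}: ${f.issue}`);
```

A key that is exactly 90 days old is not flagged; only keys older than the threshold are reported as overdue.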