API Keys
Partner API keys authenticate server-to-server requests for wallet provisioning and token deploys. Keys are scoped to your organization and passed via the X-Partner-Key header.
Key Format
bk_ptr_<keyId>_<secret>
keyId— 8-character identifiersecret— 32-character secret (hashed at rest, never stored in plaintext)
The full key is only returned once at creation time. Store it securely.
Managing Keys
Generate, view, and revoke partner keys from the Partner Keys tab in your partner dashboard. You can create up to 5 active keys per organization.
When generating a key:
- Name — 3–64 characters, for your own reference
- IP allowlist — optionally restrict the key to specific IP addresses
The full key is only shown once after creation. Copy and store it securely — you cannot retrieve it later.
Revoked keys stop working immediately. This cannot be undone — generate a new key if needed.
Using a Partner Key
Include the key in the X-Partner-Key header on every server-to-server request:
curl -X POST https://api.bankr.bot/partner/wallets \
-H "Content-Type: application/json" \
-H "X-Partner-Key: bk_ptr_AbC12345_xYzSecretKeyValue1234567890ab" \
-d '{ ... }'
Errors
| Status | Error | Cause |
|---|---|---|
401 | Partner API key required | Missing X-Partner-Key header |
401 | The provided partner API key is invalid or inactive | Key not found, revoked, or wrong secret |
403 | IP address not allowed for this partner API key | Request IP not in allowedIps |
403 | The partner organization associated with this key is inactive | Org deactivated |
IP Allowlisting
When an IP allowlist is set on a key, only requests from those IPs are accepted. Supports individual IPs and CIDR ranges (e.g., 10.0.0.0/24). IPv6-mapped IPv4 addresses (e.g., ::ffff:192.168.1.1) are automatically normalized.
Update the allowlist via the partner dashboard or PATCH /partner/:orgId/api-keys/:keyId with { "allowedIps": ["10.0.0.0/24", "203.0.113.1"] }.