Authentication
The Nexbridge Partner API uses API Key authentication. Each request must include a valid API Key in the Authorization header.Authorization Header
Partner Scope
Each API Key is associated with a single approved partner. All requests performed using the API Key are automatically scoped to that partner. Partners cannot access:- requests from other partners
- balances from other partners
- addresses from other partners
- funding activity from other partners
API Key Requirements
API Keys are only available for partners with approved operational onboarding. Inactive or rejected partners cannot use API access.API Key Lifecycle
API Keys support the following states:Active
The API Key is enabled and can be used to authenticate requests.Suspended
The API Key is temporarily disabled. Authentication requests using suspended API Keys will fail.Revoked
The API Key has been permanently revoked and can no longer be used.Security Recommendations
Partners should:- Store API Keys securely
- Never expose API Keys publicly
- Rotate API Keys periodically
- Restrict internal access to authorized systems only
Rate Limiting
Rate limiting policies may apply depending on the integration profile. Partners should implement retry and backoff strategies for temporary failures.HTTP Responses
Authentication failures return standard HTTP authorization errors. Examples include:- Missing API Key
- Invalid API Key
- Suspended API Key
- Revoked API Key
Future Scope
The following authentication features are out of scope for V1:- OAuth flows
- Multi-user API access
- Self-service API Key creation
- IP whitelisting management
- Scoped permissions per endpoint