Authentication

The Nexbridge Partner API uses API Key authentication. Each request must include a valid API Key in the Authorization header.

Authorization Header

Authorization: ApiKey <api_key>

Partner Scope

Each API Key is associated with a single approved partner. All requests performed using the API Key are automatically scoped to that partner. Partners cannot access:
  • requests from other partners
  • balances from other partners
  • addresses from other partners
  • funding activity from other partners

API Key Requirements

API Keys are only available for partners with approved operational onboarding. Inactive or rejected partners cannot use API access.

API Key Lifecycle

API Keys support the following states:

Active

The API Key is enabled and can be used to authenticate requests.

Suspended

The API Key is temporarily disabled. Requests authenticated with a suspended API Key will fail.

Revoked

The API Key has been permanently revoked and can no longer be used.

Security Recommendations

Partners should:
  • Store API Keys securely
  • Never expose API Keys publicly
  • Rotate API Keys periodically
  • Restrict internal access to authorized systems only

Rate Limiting

Rate limiting policies may apply depending on the integration profile. Partners should implement retry and backoff strategies for temporary failures.

HTTP Responses

Authentication failures return standard HTTP authorization errors. Examples include:
  • Missing API Key
  • Invalid API Key
  • Suspended API Key
  • Revoked API Key
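
The following client-side sketch is an added example, not Nexbridge code. It combines the header format, the key-handling recommendations and the retry guidance above: the key is read from the environment, redacted before logging, and only temporary failures are retried. The status codes (401/403 for authentication failures, 429/502/503/504 for temporary ones), the `NEXBRIDGE_API_KEY` variable name and the `send` transport callable are assumptions; the page does not specify them.

```python
import os
import random
import time

AUTH_FAILURE = {401, 403}         # assumed: missing/invalid/suspended/revoked key
TEMPORARY = {429, 502, 503, 504}  # assumed: rate limiting and transient failures


def load_api_key(env=os.environ, var="NEXBRIDGE_API_KEY"):
    """Read the key from the environment (hypothetical variable name), not from source."""
    key = env.get(var, "").strip()
    if not key or any(c in key for c in "\r\n"):
        raise ValueError(f"{var} is unset or malformed")
    return key


def auth_headers(api_key):
    """Header format documented on this page."""
    return {"Authorization": f"ApiKey {api_key}"}


def redact(headers):
    """Copy of the headers that is safe to log: the key is never written out."""
    return {k: ("ApiKey ***" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


def backoff_delays(attempts, base=0.5, cap=30.0, rng=random.random):
    """Exponential backoff with full jitter: delay n lies in [0, min(cap, base * 2**n))."""
    return [rng() * min(cap, base * 2 ** n) for n in range(attempts)]


def call_with_retry(send, api_key, max_retries=4, sleep=time.sleep):
    """send(headers) -> (status, body). Retries temporary failures only."""
    headers = auth_headers(api_key)
    delays = backoff_delays(max_retries)
    for attempt in range(max_retries + 1):
        status, body = send(headers)
        if status in AUTH_FAILURE:
            # A suspended or revoked key will not recover by retrying: stop and alert.
            raise PermissionError(
                f"authentication failed ({status}); headers={redact(headers)}")
        if status not in TEMPORARY or attempt == max_retries:
            return status, body
        sleep(delays[attempt])
```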

Future Scope

The following authentication features are out of scope for V1:
  • OAuth flows
  • Multi-user API access
  • Self-service API Key creation
  • IP whitelisting management
  • Scoped permissions per endpoint