Liminal Express authenticates your API requests using your account’s API key. The API key is a unique identifier that generates a client ID and secret to access wallets and infrastructure using the Liminal Express API and SDK.

Owners and Admins can create and manage API keys for their respective user accounts. Navigate to the developer dashboard, Dev on your Liminal Vaults account, to create, disable, whitelist, rotate, or delete your API key.

Prerequisite

1. You have created an account within your organisation in Liminal Vaults. Check out the Onboarding guide to onboard your organisation.
2. You are an Owner or Admin user. Check User Roles to learn about Liminal Vaults user roles.
3. You have downloaded the Liminal Express SDK.

Create an API Key

Liminal Express APIs require an API key to authorize a request, and it acts as a secret that only the client and the server can verify to make API calls. You can consider your key and secret as the required API credentials, like a username (key) and password (secret). When you create an API key, it generates a client ID and a client secret in a CSV file format. Both values are required to authorize a request to Liminal Express and must be saved securely.

The associated fields include:

📘

Note

• You can only have one active API key. We recommend rotating your key during the required intervals.
• You have to delete your current key to create a new one.

Steps to create an API key

Follow the steps below:

1. Log in to your Liminal Vaults account.

2. Click Dev in the left navigation bar to navigate to the developer dashboard.

   

3. Click Generate Key in the API Key section.

   

4. Enter the fields for the API key name, select its expiry date, and a unique email address where you will receive transaction notifications.

5. Click Generate Now.

   

6. Enter the required 2FA verification code to continue.

7. Click Download client ID and secret to download your API key values. Store it securely; you cannot retrieve it later.

   
   
   

8. Your API key is now active and will appear in the list of API keys in the API key section with a green dot for its status.

   Click on the View icon to check your client ID for reference.

   

9. Before finishing up, we recommend specifying the Source and Express IP addresses you want to whitelist for your current IP address. Select Click here to navigate to the IP Whitelist panel.

   Follow steps 1 to 3 mentioned in the Whitelist Address per Key section to whitelist IP addresses for enhanced security.

10. (Optional but recommended) Configure and implement HMAC secret key on Liminal Vaults and server side as an enhanced secureity layer for your whitelisted API addresses.

📘

Note

• Expiry notifications: Liminal sends reminders to your specified email address in 1-month, 15-day, 7-day, and 1-day intervals before expiration.
• Before expiry: We recommend rotating (regenerating) your API key. Liminal Vaults will generate a new secret ID that you can download and save securely.
• After expiry: An expired API key is revoked and added to the API key list. You will need to create a new API key to access Liminal Express APIs.

Manage API Key

Owners and Admins can whitelist IP addresses specified for the current API key, rotate (regenerate) before it expires, disable/enable, and delete it. You will receive notifications on your Liminal Vaults dashboard when you perform an API key action.

Refer to the Manage my API Key guide to perform the required actions.

API Key Status

An API Key has the following statuses:

Best Practices

• Save API Key. CSV file securely and treat it privately, like a password.
• Rotate (regenerate) API secrets periodically.