Skip to main content

Overview

The Cred Protocol API uses Bearer token authentication. You must include your API key in the Authorization header of every request.

Getting Your API Key

1

Sign In

Log in to your account at app.credprotocol.com.
2

Navigate to API Keys

Go to the Dashboard and find the API Keys section.
3

Create a Key

Click Create API Key and give it a descriptive name (e.g., “Production”, “Development”).
4

Copy Your Key

Copy the API key immediately. For security reasons, you won’t be able to view it again.

Using Your API Key

Include your API key in the Authorization header using the Bearer scheme: 
curl -X GET "https://api.credprotocol.com/api/v2/score/vitalik.eth" \
  -H "Authorization: Bearer YOUR_API_KEY"

Authentication Errors

401 Unauthorized

If your API key is missing, invalid, or expired, you’ll receive a 401 error: 
{
  "detail": "Invalid or missing API key"
}
Common causes:
  • Missing Authorization header
  • Typo in the API key
  • Using API_KEY instead of Bearer API_KEY
  • Revoked or deleted API key

403 Forbidden

If your API key doesn’t have permission for the requested resource: 
{
  "detail": "Insufficient permissions"
}

Best Practices

API keys should be kept on your server. Never include them in frontend JavaScript, mobile apps, or public repositories.
// ❌ Bad - API key exposed in client-side code
fetch('https://api.credprotocol.com/api/v2/score/vitalik.eth', {
  headers: { 'Authorization': 'Bearer sk_live_abc123' }
});

// ✅ Good - Call your own backend
fetch('/api/credit-score?address=vitalik.eth');
Store your API key in environment variables, not in code:
# .env
CRED_API_KEY=your_api_key_here

// server.js
const apiKey = process.env.CRED_API_KEY;
Create separate API keys for development, staging, and production. This makes it easy to rotate keys without affecting other environments.
Periodically rotate your API keys, especially if you suspect they may have been compromised.
Regularly check your API usage in the Dashboard to detect unusual activity.

Key Management

Viewing Your Keys

You can view all your API keys (but not the key values) in the Dashboard. Each key shows:
  • Name: The name you gave the key
  • Created: When the key was created
  • Last Used: The most recent API request using this key
  • Status: Active or revoked

Revoking a Key

If you need to revoke an API key:
  1. Go to the API Keys section in your Dashboard
  2. Find the key you want to revoke
  3. Click Revoke
Revoking a key is immediate and permanent. Any applications using that key will stop working.

Testing Authentication

Use this endpoint to verify your API key is working: 
curl -X GET "https://api.credprotocol.com/users/me" \
  -H "Authorization: Bearer YOUR_API_KEY"
A successful response returns your user profile: 
{
  "id": "uuid",
  "email": "you@example.com",
  "is_active": true,
  "is_verified": true
}