Skip to main content
Every request to the WalletConnect Pay API is authenticated with an API key, passed in the Api-Key header:
API keys are created and managed in the dashboard. A key is shown only once at creation — store it in a secret manager. Anyone with the key can act on behalf of your account.

Test and live keys

Your account has two kinds of keys, one for each mode: The key is the only thing that selects test or live. Both key types work against the same base URL and the same endpoints, and there is no test flag or mode parameter on any request.
Responses do not say whether a resource is test or live — that’s determined by the key that created it.

Errors

Key safety

  • Never expose keys in client-side code. All API calls should be made from your backend.
  • Use test keys everywhere except production. Development, CI, and staging should use wcp_test_ keys.
  • Rotate compromised keys immediately from the dashboard.