API Keys
The settings tab allows you to configure and create API keys. An API key is required to use thirdweb's infrastructure services such as Smart Wallet, Storage and RPCs.
An API key is made up of two parts:
- Client ID - This key is used to access thirdweb's infrastructure services and identifies your application. It can be restricted to allowed domains and enabled services.
- Secret Key - This key is used to access thirdweb's infrastructure services by identifying and authenticating your application from the backend. It is not safe to share this key with anyone. It does not adhere to the restrictions you define. Anyone with the Secret Key can access all thirdweb services.
Creating an API Key
To create an API key:
- Click the button labeled "Create API Key"
- Enter a name for the key. The name is used to identify the key in the list of API keys.
- Select the services that the key will have access to:
  - Storage
  - Smart Wallet - you will need to add the smart wallet addresses which will be allowed to use this API key.
  - RPCs
- Click the "Create" button to create the key.
This will create an API key that you can use to access thirdweb's infrastructure services by copying the client id and instantiating the thirdweb SDK:
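import { ThirdwebSDK } from "@thirdweb-dev/sdk";
// The client id identifies your application to thirdweb's services.
const sdk = new ThirdwebSDK("goerli", {
  clientId: "your-client-id",
});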
It will also generate a secret key that you will need to copy and save in a safe place. You will not be able to view the secret key again.
Viewing and Managing an API Key
To view and manage your API key, click the key from your list of API keys.
This will open a modal where you can restrict your client id, view which services the key has access to and edit your API key.
The "Services" tab allows you to view which services the key has access to and enable or disable services.
Editing an API Key
To edit an API key, click the "Edit" button.
This will allow you to edit the name of the key and the allowed domains.
You can also modify which services it is allowed to access by heading to the "Services" tab.
Client ID and Secret Key
The client id is used to access thirdweb services from the browser. It is safe to share this key with anyone as it can be restricted to allowed domains and enabled services.
To restrict the client id to a domain, enter the domain in the "Allowed Domains" field. You can add multiple domains by separating them with a comma.
Without a domain restriction, the client id can be used from any domain. Anyone with the key can use it to access all the services enabled for this key.
The secret key is used to access thirdweb services from the backend. It is not safe to share this key with anyone. It does not adhere to the restrictions you define.
Once your API key has been created, you will not be able to view the secret key again. If you lose the secret key, you will need to create a new API key.
Anyone with the Secret Key can access all thirdweb services so store it in a safe place.
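The split described above, as an added example that is not thirdweb's own code: `sdkOptions` gives browser code only the client id and backend code only the secret key, and `findSecretLeaks` checks built browser assets for the secret key value before they are deployed. The environment variable names, function names, asset paths and sample values are assumptions.

```javascript
// Added example. Env var names, function names and sample values are assumptions.

// Options for `new ThirdwebSDK(chain, options)`: browser code receives only the
// client id; backend code receives the secret key, read from the environment.
function sdkOptions(runtime, env) {
  const pick = {
    browser: ["clientId", "THIRDWEB_CLIENT_ID"],
    server: ["secretKey", "THIRDWEB_SECRET_KEY"],
  }[runtime];
  if (!pick) throw new Error(`unknown runtime: ${runtime}`);
  const [option, variable] = pick;
  if (!env[variable]) throw new Error(`${variable} is not set`);
  return { [option]: env[variable] };
}

// Forms in which the secret could sit verbatim in a text asset. Base64 padding
// is stripped so that padded and unpadded encodings both match.
function secretForms(secret) {
  const b64 = Buffer.from(secret, "utf8").toString("base64").replace(/=+$/, "");
  return [["raw", secret], ["base64", b64], ["percent-encoded", encodeURIComponent(secret)]];
}

// Scan built browser assets ({ path: contents }) for the secret key value.
// Returns one finding per file and form; an empty array means nothing was found.
function findSecretLeaks(assets, secret) {
  if (!secret || secret.length < 16) throw new Error("secret is empty or too short to scan for");
  const findings = [];
  for (const [file, contents] of Object.entries(assets)) {
    const seen = new Set();
    for (const [form, needle] of secretForms(secret)) {
      if (seen.has(needle)) continue; // percent-encoded form can equal the raw one
      seen.add(needle);
      const offset = contents.indexOf(needle);
      if (offset !== -1) findings.push({ file, form, offset });
    }
  }
  return findings;
}

// Constructed sample values, not real thirdweb credentials.
const SAMPLE_ENV = {
  THIRDWEB_CLIENT_ID: "example-client-id",
  THIRDWEB_SECRET_KEY: "example-secret-key-0123456789",
};
const SAMPLE_ASSETS = {
  "dist/app.js": 'const sdk = new ThirdwebSDK("goerli", { clientId: "example-client-id" });',
  "dist/debug.js": 'const cfg = { key: "example-secret-key-0123456789" };',
};
console.log(findSecretLeaks(SAMPLE_ASSETS, SAMPLE_ENV.THIRDWEB_SECRET_KEY));
```

A non-empty result from `findSecretLeaks` means the secret key has reached browser-deliverable files; since the page notes the secret key ignores domain and service restrictions, the response is to revoke that API key and create a new one.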
Revoking an API Key
To revoke your API key, click the "Revoke" button. This will invalidate the key and it will no longer be usable. You can regenerate the key to create a new one.