Authentication
Every API request must include your API key. Here is how to get one, store it safely, and use it correctly.
Getting your API key
Email hello@tryswiftproof.com with your project name and a brief description of your use case. We provision keys manually so we can ensure the right rate limits and permissions for your integration. Expect a response within one business day.
You will receive two keys: a live key (sp_live_...) for production and a test key (sp_test_...) for development. Test keys create chains that appear in your dashboard but never send real notifications.
Using your API key
Pass your key as a Bearer token in the Authorization header on every request.
Authorization: Bearer sp_live_your_key_here Content-Type: application/json
With the JavaScript SDK, pass the key once at initialisation — the SDK handles the header automatically.
import { SwiftProof } from 'swiftproof'; const sp = new SwiftProof({ apiKey: process.env.SWIFTPROOF_API_KEY, });
Storing your key safely
Store your key as an environment variable and load it at runtime.
SWIFTPROOF_API_KEY=sp_live_your_key_here
.env .env.local .env.production
Key rotation
If your key is compromised, email hello@tryswiftproof.com immediately. We will revoke the old key and issue a new one. Existing chains are not affected — they remain valid and verifiable.
Error responses
| Status | Code | Meaning |
|---|---|---|
| 401 | unauthorized | Missing or malformed Authorization header. |
| 403 | forbidden | Valid key but insufficient permissions for this action. |
| 429 | rate_limited | Too many requests. See rate limiting below. |
Rate limiting
The default rate limit is 100 requests per minute per API key. If you exceed this, requests return a 429 response with a Retry-After header indicating how many seconds to wait. Contact us if you need higher limits for your use case.