The Wallet-as-a-Service (Palisade) API uses API keys for authentication. This guide explains how to authenticate your API requests.
All API requests to Wallet-as-a-Service (Palisade) must be authenticated using API credentials. These credentials consist of:
- API Key ID - A unique identifier for your API credential
- API Secret - A secret key used to sign requests
- Log in to the Wallet-as-a-Service (Palisade) console
- Navigate to API Credentials
- Click Create API credential
- Configure the credential name and permissions
- Copy and securely store the API key and secret
Security notice
The API secret is only displayed once during creation. Store it securely as it cannot be retrieved later.
For most API endpoints, use Bearer token authentication:
curl -X GET "https://api.palisade.co/v1/vaults" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json"For sensitive operations, requests may require cryptographic signing. The signing process involves:
- Creating a canonical request string
- Signing the string with your API secret
- Including the signature in the request headers
- Access tokens have a limited lifetime
- Refresh tokens before they expire to maintain session continuity
- Revoke compromised credentials immediately from the console
- Rotate credentials regularly - Update API credentials periodically
- Use least privilege - Only grant permissions that are necessary
- Secure storage - Never store credentials in source code or version control
- Monitor usage - Review API credential activity for unauthorized access
| Status Code | Description |
|---|---|
| 401 | Unauthorized - Invalid or missing credentials |
| 403 | Forbidden - Insufficient permissions |
For more information on API credentials, see API credentials best practices.