Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.xentfi.com/llms.txt

Use this file to discover all available pages before exploring further.

Authentication Headers

HeaderRequiredFormatDescription
apiKeyYesxf_ prefixed stringYour unique API key
appIdYesUUID formatYour application identifier

Getting Your API Credentials

1

Log into Dashboard

Navigate to dashboard.xentfi.com and log in.
2

Go to API Keys

Click SettingsAPI Keys in the left sidebar.
3

Generate New Key

Click Generate New API Key, enter a name, and select environment.
4

Copy Credentials

Copy your apiKey and appId. Store them securely - you won’t see the key again!

Making Authenticated Requests

Include both headers in every API request: 
curl -X GET https://api.xentfi.com/v1/master-wallets \
  -H "apiKey: xf_abc123def456..." \
  -H "appId: app_123e4567-e89b-12d3-a456-426614174000"

Authentication Response

Success (200)

When authentication succeeds, you receive the requested data.

Failure (401)

When authentication fails: 
{
    "success": false,
    "error": {
        "code": "UNAUTHORIZED",
        "message": "Invalid API key or appId",
        "timestamp": "2024-01-15T10:30:00.000Z",
        "requestId": "req_123e4567-e89b-12d3-a456-426614174000"
    }
}

API Key Types

TypeEnvironmentUse Case
SandboxTestnetDevelopment and testing
ProductionMainnetLive transactions

Sandbox Keys

  • Use for development and testing
  • Testnet networks only
  • Higher rate limits
  • No real funds required

Production Keys

  • Use for live transactions
  • Mainnet networks only
  • Standard rate limits
  • Real funds transfer

API Key Scopes

ScopePermissionsUse Case
readGET endpoints onlyMonitoring, analytics
writePOST, PUT, DELETEFull API access
adminAll operations + adminAccount management

Security Best Practices

Never share your API keys publicly. Always use environment variables.
PracticeImportanceDescription
Environment variablesCriticalNever hardcode keys in code
Regular rotationHighRotate keys every 90 days
Environment separationHighDifferent keys for dev/prod
Least privilegeHighGrant minimum required scopes
Immediate revocationCriticalRevoke compromised keys immediately
Audit loggingMediumMonitor key usage

Key Rotation

When to Rotate

  • Every 90 days (recommended)
  • Team member departure
  • Suspected compromise
  • Security audit requirement

Rotation Process

Rotating via API

curl -X POST https://api.xentfi.com/v1/api-keys/{keyId}/rotate \
  -H "apiKey: current-api-key" \
  -H "orgId: your-org-id" \
  -H "Content-Type: application/json"

Key Revocation

If a key is compromised, revoke it immediately: 
curl -X DELETE https://api.xentfi.com/v1/api-keys/{keyId} \
  -H "apiKey: your-admin-key" \
  -H "orgId: your-org-id"

Environment Setup

Development Environment (.env)

# Sandbox Environment
XENTFI_API_KEY=xf_sandbox_abc123...
XENTFI_ORG_ID=orgId__123e4567...
XENTFI_ENVIRONMENT=sandbox
XENTFI_BASE_URL=https://api.xentfi.com/v1

Production Environment

# Production Environment
XENTFI_API_KEY=xf_prod_xyz789...
XENTFI_ORG_ID=aorgId_789abc...
XENTFI_ENVIRONMENT=production
XENTFI_BASE_URL=https://api.xentfi.com/v1

Troubleshooting

Possible causes:
  • API key is incorrect
  • API key has been revoked
  • Using sandbox key on production
Solutions:
  • Verify API key in dashboard
  • Generate new key if needed
  • Check environment matching
Solution: Ensure both apiKey and appId headers are included in every request.
Solution: Your API key doesn’t have permission for this operation. Generate a key with required scopes.

Rate Limits by Key Type

Key TypeRequests/SecondRequests/MinuteRequests/Day
Sandbox (Starter)56010,000
Sandbox (Pro)20300100,000
Production (Starter)56010,000
Production (Pro)20300100,000
Production (Business)501,0001,000,000