Guides

Authentication

This guide will walk you through the process of authenticating your API requests. By following these steps, you'll be able to securely access our services and utilize their full potential.

Suggest Edits

1. Understanding API Keys

Our API uses a combination of a Public Key and an API Key to identify and authenticate your requests.

  • Public Key: This key is used to identify your application. While it's part of the authentication process, it's generally safe to expose publicly (e.g., in client-side code).
  • API Key: This is your secret key and must be kept confidential. It's used in conjunction with your Public Key to generate a secure authentication token. Never expose your API Key in client-side code or public repositories.

2. Obtaining Your API Keys

To begin, you need to retrieve your unique Public Key and API Key from your dashboard account.

Steps:

  1. Log in to your Dashboard Account: Go to https://b2b.honeycoin.app/login and log in with your credentials.
  2. Navigate to API Keys: Once logged in, locate the "API Keys" under the "Developers" section. This is found on the sidebar.
  3. Copy Your Keys: On the API Keys page, you will find your:
    1. Public Key
    2. API Key: [Example: HC_yyyyyyyyyyyyyyyyyyyyyyyy]
      Carefully copy both keys. We recommend storing your API Key securely (e.g., in environment variables, a secrets manager, or a secure configuration file) and not directly in your code.

3. Generating a Bearer Token

Once you have your Public Key and API Key, you'll use our Bearer Token API to generate an authentication token. This token will then be used for subsequent API requests.

Endpoint: https://api-v2.honeycoin.app/api/b2b/auth/generate-bearer-token
Method: POST

Example cURL Request:

curl --request POST \
     --url https://api-v2.honeycoin.app/api/b2b/auth/generate-bearer-token \
     --header 'accept: application/json' \
     --header 'api-key: YOUR_API_KEY' \
     --header 'content-type: application/json' \
     --data '{"publicKey":"YOUR_PUBLIC_KEY"}'

Response:

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.....",
  "expiresAt": 1752085041 // in seconds
}

The token field in the response contains your generated Bearer Token.


4. Using the Bearer Token for API Requests

With your Bearer Token in hand, you can now make authenticated requests to our other API endpoints. You'll pass the token in the Authorization header of your requests.

Header Format:

Authorization: Bearer YOUR_BEARER_TOKEN

Example cURL Request to an Authenticated Endpoint:

curl -X GET  
  <https://api.yourdomain.com/v1/data>  
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'  
  -H 'Content-Type: application/json'

Important Considerations:

Token Expiration: Bearer Tokens have a limited lifespan (indicated by expiresIn). Your application should be designed to handle token expiration and refresh the token when necessary by re-calling the Bearer Token API.

Secure Storage: Always store your Bearer Token securely on the server-side if your application is server-based. For client-side applications, consider using secure storage mechanisms like sessionStorage (for temporary tokens) or localStorage (with careful security considerations).

Error Handling: Implement robust error handling for API requests, especially for authentication failures (e.g., invalid API keys, expired tokens).

Updated 21 days ago