Skip to main content

Overview

API keys authenticate your server-side applications with the AgentWallex API. Each key starts with the awx_ prefix and is tied to your account.

Creating API Keys

Create API keys through the dashboard or the REST API (requires JWT authentication):

Via Dashboard

  1. Log in to the AgentWallex Dashboard.
  2. Navigate to Settings > API Keys.
  3. Click Create API Key.
  4. Give the key a descriptive name (e.g., production-backend, staging-ci).
  5. Copy and securely store the key — it is only shown once.

Via API

curl -X POST https://api.agentwallex.com/api/v1/api-keys \
  -H "Authorization: Bearer eyJhbGciOi..." \
  -H "Content-Type: application/json" \
  -d '{"name": "production-backend"}'
The full API key is only returned once at creation time. Store it immediately in a secure secrets manager.

Listing API Keys

curl -X GET https://api.agentwallex.com/api/v1/api-keys \
  -H "Authorization: Bearer eyJhbGciOi..."
The response includes key metadata but never the full key value: 
{
  "data": [
    {
      "id": "key_abc123",
      "name": "production-backend",
      "prefix": "awx_...x4f2",
      "created_at": "2025-06-01T10:00:00Z",
      "last_used_at": "2025-06-15T14:30:00Z"
    }
  ]
}

Rotating API Keys

1

Create a new key

Create a new API key via the dashboard or API.
2

Update your application

Deploy the new key to your application’s environment variables.
3

Verify the new key works

Confirm that API calls succeed with the new key.
4

Delete the old key

Remove the old key to prevent unauthorized access:
curl -X DELETE https://api.agentwallex.com/api/v1/api-keys/key_abc123 \
  -H "Authorization: Bearer eyJhbGciOi..."
Rotate API keys at least every 90 days. Set a calendar reminder or automate rotation with your CI/CD pipeline.

Rate Limits

API rate limits depend on your plan tier:
PlanRequests/minRequests/dayConcurrent connections
Starter6010,0005
Growth300100,00025
EnterpriseCustomCustomCustom
When you exceed the rate limit, the API returns a 429 Too Many Requests response with a Retry-After header: 
{
  "code": "rate_limit_exceeded",
  "type": "rate_limit_error",
  "message": "Rate limit exceeded. Retry after 30 seconds."
}
Rate limits are applied per API key. If you need higher limits, contact the AgentWallex team or upgrade your plan.

Best Practices

  • One key per environment — Use separate keys for development, staging, and production.
  • Name keys descriptively — Include the environment and service name (e.g., prod-payment-service).
  • Monitor usage — Check last_used_at to identify unused keys that should be deleted.
  • Never share keys — Each team member or service should have its own key.
  • Use a secrets manager — Store keys in AWS Secrets Manager, HashiCorp Vault, or similar tools rather than in .env files on disk.