API key management (Dashboard)
Use the API integration page in your SwapDuck profile to create, view, and manage your API keys.
<aside>
🤖
Note: we can set up a Telegram bot for your B2B Telegram account that will allow you to manage your API keys via Telegram. Oftentimes it is a lot more conventient and faster - contact us if you want this feature to be enabled!
</aside>
What you will see on the API integration page
The page contains:
- WebHook integration UI
- A switch to enable WebHook integration
- A text field for your WebHook ingress endpoint
- Current API keys list UI
- Each row represents one key.
- Fields shown:
- Public key (safe to store in code and logs)
- Created at / Last used (if available)
- Name
- Active (Active or Disabled)
- IP whitelist (allowed IPs and ranges)
- Actions per key:
- Disable (recommended first step)
- Delete (permanent removal)
- An + Add Button for the API key creation UI
- API key creation UI
- Inputs:
- IP (with a + button that adds an IP into the IP whitelist)
- Name
- Button: Add
- Post-create modal:
- Public key
- Private key (shown once!)
Create a new API key
<aside>
❗
Important: After you create an API key, SwapDuck shows the Private key only once.
- Copy it immediately.
- If you lose it, you will need to delete the key and create a new one.
</aside>
- Open the API integration page and click + Add
- In Create new API key:
- Fill the Name field
- Use a name that identifies the integration and environment.
- Example:
acme-prod-payments or acme-staging.
- Add an IP into the IP field and click +
- Add only the public outbound IP addresses that will send API requests to SwapDuck.
- Use the smallest set of IPs possible.
- Click Add.
- On the confirmation screen, copy both values:
- Public key
- Private key (shown only once)
- Store the Private key securely.
- Recommended: a password manager.
- Avoid: source code, shared documents, chats, and screenshots.
<aside>
📌
After saving the private key: treat it like a password. Anyone who has it can make requests as your integration.
</aside>
IP whitelist requirements and format