Authentication

The Chain API uses API keys to authenticate requests. You can manage your API keys from the Chain Dashboard.

API Key Types

sk_sandbox_...Sandbox

Use sandbox keys for testing and development. No real money is moved.

sk_live_...Live

Live keys move real funds. Keep these secret and never expose in client-side code.

Include your API key in the Authorization header as a Bearer token.

curl https://api.chain.com/v1/wallets \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json"

Parameter	Type	Description
`Authorization`required	`string`	Bearer token with your API key: Bearer sk_live_...
`Content-Type`required	`string`	Must be application/json for request bodies.
`X-Business-Id`	`string`	Required when operating in multi-business context.
`X-Idempotency-Key`	`string`	Unique key to safely retry requests without side effects.

API keys can be scoped to limit access to specific resources. When creating an API key, specify which scopes it should have.

Scope	Description
`cards:read`	List and retrieve card details.
`cards:write`	Issue new cards.
`wallets:read`	List and retrieve wallet details.
`wallets:write`	Create new wallets.
`funding:read`	List funding transactions.
`funding:write`	Create funding requests.
`payouts:read`	List payout transactions.
`payouts:write`	Create new payouts.
`payees:read`	List registered payees.
`payees:write`	Register new payees.
`bank_accounts:read`	List linked bank accounts.
`bank_accounts:write`	Create Plaid link tokens to connect bank accounts.
`ledger:read`	Query ledger entries.
`webhooks:read`	List webhook endpoints.
`webhooks:write`	Create and delete webhook endpoints.

If your account manages multiple businesses, include the X-Business-Id header to scope requests.

Multi-business request

curl https://api.chain.com/v1/wallets \
  -H "Authorization: Bearer sk_live_..." \
  -H "X-Business-Id: biz_abc123"

Rate limiting

Rate limits are applied per API key. If you exceed the limit, you'll receive a 429 Too Many Requests response.