Skip to main content
Blockra authenticates all API requests using a secret API key. You create keys in the dashboard under Developers → API Keys. The full key is shown only once at creation — store it securely immediately. Blockra stores only a hash of the key and cannot show it to you again. All API keys are prefixed bk_.

Creating an API key

1

Open the dashboard

Log in to app.blockra.io and navigate to Developers → API Keys.
2

Create a new key

Click Create API Key, give the key a descriptive name, and select the scopes it needs.
3

Copy the key

Copy the full key value immediately — it is shown only once. Store it in a secrets manager or environment variable.

Sending your key

Pass the key on every request using either the X-API-Key header or as a Bearer token in the Authorization header:
API keys carry full permissions for the scopes assigned to them. Never embed a key in client-side code, mobile apps, or a public repository. All Blockra API calls must originate from your server.

Scopes

Each API key is granted a set of scopes at creation. A request to an endpoint that requires a scope your key does not have returns 403 with code HTTP_403.
ScopeWhat it grants
payments:readList and retrieve payments
payments:writeCreate payments and checkout sessions
customers:readList and retrieve customers
customers:writeReserved for customer write operations
balance:readRead account balances
withdrawals:readList withdrawal history
withdrawals:writeRequest withdrawals
payment_links:readList payment links
payment_links:writeCreate and update payment links
webhooks:readList webhook endpoints
webhooks:writeCreate and delete webhook endpoints
Follow the principle of least privilege — grant each key only the scopes it needs. Create separate keys for different services or environments.

Rate limits

Requests are rate-limited per API key. If you exceed the limit, the API returns 429 with code RATE_LIMIT_EXCEEDED. Back off and retry after a short delay.

Authentication errors

HTTP statusCodeCause
401HTTP_401The key is missing, malformed, or invalid
403HTTP_403The key exists but lacks the required scope
429RATE_LIMIT_EXCEEDEDToo many requests from this key