{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-products/wallet/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["admonition"]},"type":"markdown"},"seo":{"title":"API credentials best practices","description":"User guides, API reference, and support resources.","siteUrl":"https://docs.ripple.com/products/custody","lang":"en-US","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"api-credentials-best-practices","__idx":0},"children":["API credentials best practices"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"create-api-credentials","__idx":1},"children":["Create API credentials"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Navigate to ‘API Credentials’ in 'Settings' and select ‘Create credentials’"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Select the permission set type"," ","This governs which actions your API credentials will be permitted to carry out."," ","Set types include:",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Wallets - to manage wallets and vaults"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Transactions - to manage transactions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Controls - to manage policies and addresses"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Monitoring - to manage auditing tools e.g. webhooks"]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Enter the name of the credentials"," ","This name should help identify the credentials."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Enter the description of the credentials"," ","This description should make the purpose of the credentials clear."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Select which IP addresses the credentials can be used from"," ","Option 1 - all IP addresses"," ","Option 2 - specified IP addresses. If more than 1 address, separate them with a comma."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Set a permission for the credentials"," ","Select a type, action, scope and resource for the credentials."," ","This is the most important part of the process as it sets the parameters for which actions the set of credentials can perform."]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Example"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If I wanted my API credentials to only be able to read asset balances in a particular vault, I would select the following options:"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Permission set type: wallets"," ","Permission type: balances"," ","Permission action: read"," ","Permission scope: vault"," ","Permission resource: specific vault"]}]},{"$$mdtype":"Tag","name":"ol","attributes":{"start":7},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["If you wish to add another permission to this set of credentials, select ‘Add another permission’"," ","However, as per the ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/products/wallet/user-interface/api/manage-api-credentials#principle-of-least-privilege"},"children":["principle of least privilege"]},", we recommend limiting the scope of individual API credentials for security reasons."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Once you have added your desired number of permissions, select ‘Generate credentials’."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You will receive a ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["clientID"]},"and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["clientSecret"]},". These are essential for authenticating your requests."]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"warning","name":"Important"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["clientSecret"]}," will only be revealed once. Please copy and store it securely. If lost, new credentials will need to be created."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"use-api-credentials","__idx":2},"children":["Use API credentials"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Ensure that the credentials are enabled."," ","Upon creation, credentials will be automatically enabled."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Swap the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["clientID"]},"and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["clientSecret"]},"for an access token"," ","This is done using the OAuth flow via the API. See the ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/products/wallet/api-docs/palisade-api/palisade-api"},"children":["Wallet-as-a-Service (Palisade) API"]}," for details."]}]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"sh","header":{"controls":{"copy":{}}},"source":"curl --location 'http://api.palisade.co/v2/credentials/oauth/token' \\\n--header 'Content-Type: application/json' \\\n--data '{\n    \"clientId\": \"cIUkXkZBBx3zukqr6LJ3th2CVaYrgotH\",\n    \"clientSecret\": \"MXDAtUtaoU7WzuhbtY76DHTH_2lvqNg7FEMnUFAFRDVV0UUGGkkOwTJJrnTnywpF\"\n}'\n","lang":"sh"},"children":[]},{"$$mdtype":"Tag","name":"ol","attributes":{"start":3},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You will receive a response containing the access token and other details"]}]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"json","header":{"controls":{"copy":{}}},"source":"{\n    \"accessToken\": \"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImxBMmpQWDd5NWZTR0tMWDFtMkpucyJ9.eyJodHRwczovL3BhbGlzYWRlLmNvIjp7ImRldmljZUlkIjpudWxsLCJvcmdhbml6YXRpb25JZCI6IjIxYzgxMzE5LTViODMtNDVmOS1iNjQ4LTQyMDU1MDg0YWYxNSIsInNpZ25hdHVyZVZlcmlmaWNhdGlvbktleSI6bnVsbCwidXNlcklkIjoiMWU0YzFmYmEtOGMzNy00OGY0LWJhZDgtNTg0ODY0OTBmMjQxIn0sImlzcyI6Imh0dHBzOi8vcGFsaXNhZGUtZGV2ZWxvcG1lbnQuZXUuYXV0aDAuY29tLyIsInN1YiI6ImNJVWtYa1pCQngzenVrcXI2TEozdGgyQ1ZhWXJnb3RIQGNsaWVudHMiLCJhdWQiOiJodHRwczovL2FwaS5wYWxpc2FkZS5jby8iLCJpYXQiOjE3MjI4ODk3MTIsImV4cCI6MTcyMjg5MzMxMiwic2NvcGUiOiJiYWxhbmNlczpyZWFkOm9yZzppZD0yMWM4MTMxOS01YjgzLTQ1ZjktYjY0OC00MjA1NTA4NGFmMTU6KiIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsImF6cCI6ImNJVWtYa1pCQngzenVrcXI2TEozdGgyQ1ZhWXJnb3RIIiwicGVybWlzc2lvbnMiOlsiYmFsYW5jZXM6cmVhZDpvcmc6aWQ9MjFjODEzMTktNWI4My00NWY5LWI2NDgtNDIwNTUwODRhZjE1OioiXX0.AxTTxM2oLArtE6uRNJ1ADhMmrvwVfFQXu1vE5XZqpK64HuXwZB26R-25P4XpA9LX0QH7JTOpE9snNN7VYs4RVGXwNKeDRW0Zne7IkAVUwCAfhBkVxZ8Z_BZfNrTumGa-2R45XiQ2v-EfQZZV59q95eEz0f1ALWlc4XgVp_A5LPR25yys-H4sWPJJq5JUBdHtPVr7gUSkH7P3P4GSi3iZfcKaqijEwpJxN7Qmf7j2UFSC68-WeDxDXlIZIWkgCUz4lfPkYcz7oxpjRRGIej9eTtV9c5fCrkZcEaSOsSvqL3O2ubFqQm8hf6czfkOlyBmu7E2PJzImD1JJqpkB_qYfXg\",\n    \"scope\": \"balances:read:org:id=21c81319-5b83-45f9-b648-42055084af15:*\",\n    \"expiresIn\": 3600,\n    \"tokenType\": \"Bearer\"\n}\n","lang":"json"},"children":[]},{"$$mdtype":"Tag","name":"ol","attributes":{"start":4},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use the access token to authenticate requests to the API"]}]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"sh","header":{"controls":{"copy":{}}},"source":"curl --location 'http://api.palisade.co/v2/balances' \\\n--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImxBMmpQWDd5NWZTR0tMWDFtMkpucyJ9.eyJodHRwczovL3BhbGlzYWRlLmNvIjp7ImRldmljZUlkIjpudWxsLCJvcmdhbml6YXRpb25JZCI6IjIxYzgxMzE5LTViODMtNDVmOS1iNjQ4LTQyMDU1MDg0YWYxNSIsInNpZ25hdHVyZVZlcmlmaWNhdGlvbktleSI6bnVsbCwidXNlcklkIjoiMWU0YzFmYmEtOGMzNy00OGY0LWJhZDgtNTg0ODY0OTBmMjQxIn0sImlzcyI6Imh0dHBzOi8vcGFsaXNhZGUtZGV2ZWxvcG1lbnQuZXUuYXV0aDAuY29tLyIsInN1YiI6ImNJVWtYa1pCQngzenVrcXI2TEozdGgyQ1ZhWXJnb3RIQGNsaWVudHMiLCJhdWQiOiJodHRwczovL2FwaS5wYWxpc2FkZS5jby8iLCJpYXQiOjE3MjI4ODk3MTIsImV4cCI6MTcyMjg5MzMxMiwic2NvcGUiOiJiYWxhbmNlczpyZWFkOm9yZzppZD0yMWM4MTMxOS01YjgzLTQ1ZjktYjY0OC00MjA1NTA4NGFmMTU6KiIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsImF6cCI6ImNJVWtYa1pCQngzenVrcXI2TEozdGgyQ1ZhWXJnb3RIIiwicGVybWlzc2lvbnMiOlsiYmFsYW5jZXM6cmVhZDpvcmc6aWQ9MjFjODEzMTktNWI4My00NWY5LWI2NDgtNDIwNTUwODRhZjE1OioiXX0.AxTTxM2oLArtE6uRNJ1ADhMmrvwVfFQXu1vE5XZqpK64HuXwZB26R-25P4XpA9LX0QH7JTOpE9snNN7VYs4RVGXwNKeDRW0Zne7IkAVUwCAfhBkVxZ8Z_BZfNrTumGa-2R45XiQ2v-EfQZZV59q95eEz0f1ALWlc4XgVp_A5LPR25yys-H4sWPJJq5JUBdHtPVr7gUSkH7P3P4GSi3iZfcKaqijEwpJxN7Qmf7j2UFSC68-WeDxDXlIZIWkgCUz4lfPkYcz7oxpjRRGIej9eTtV9c5fCrkZcEaSOsSvqL3O2ubFqQm8hf6czfkOlyBmu7E2PJzImD1JJqpkB_qYfXg'\n","lang":"sh"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"api-credentials-settings","__idx":3},"children":["API credentials settings"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Once API credentials have been created, they will be listed in a table. Users can access settings by clicking the three dots in the ‘actions’ column of the table."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["There are 3 types of settings:"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"view-credentials","__idx":4},"children":["View credentials"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["A summary of the credentials will be displayed, including:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Name"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Description"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Set type"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["clientID"]},"(but not ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["clientSecret)"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Permissions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Details of the credentials’ creation & any updates"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Here, you will also have the option to edit the credential. Only the permissions will be editable. The set type, name, description and IP address settings cannot be edited."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"disable-credentials","__idx":5},"children":["Disable credentials"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Disabling these API credentials will indefinitely prevent access to the Wallet-as-a-Service (Palisade) platform via your API integration. Credentials can easily be enabled again by clicking ‘Enable’ in the actions column."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"delete-credentials","__idx":6},"children":["Delete credentials"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Deleting these API credentials will remove access to the Wallet-as-a-Service (Palisade) platform via the API. These credentials cannot be recovered once deleted."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"API documentation"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["See our ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/products/wallet/api-docs/palisade-api/palisade-api"},"children":["Wallet-as-a-Service (Palisade) API reference"]}," for more information about the Wallet-as-a-Service (Palisade) API."]}]}]},"headings":[{"value":"API credentials best practices","id":"api-credentials-best-practices","depth":1},{"value":"Create API credentials","id":"create-api-credentials","depth":2},{"value":"Use API credentials","id":"use-api-credentials","depth":2},{"value":"API credentials settings","id":"api-credentials-settings","depth":2},{"value":"View credentials","id":"view-credentials","depth":3},{"value":"Disable credentials","id":"disable-credentials","depth":3},{"value":"Delete credentials","id":"delete-credentials","depth":3}],"frontmatter":{"title":"API credentials best practices","seo":{"title":"API credentials best practices"}},"lastModified":"2026-02-27T16:34:32.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/products/wallet/user-interface/api/api-credentials-best-practices","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}