The Spearmint API uses API keys to authenticate requests. You can view and manage your API keys in the admin view for your team under the API keys tab.

Authentication to the API is performed via bearer authentication. Provide your API key as the bearer token in the header of your request, like so:

curl --request GET \
     --url 'https://api.spearmint.xyz/projects/890c9cf8-7c91-4e61-a9a2-cd35074da7ce/signatures/0x0000000000000000000000000000000000000001' \
     --header 'accept: application/json' \
     --header 'authorization: Bearer sppk_SbFh2VKHsp1kxCss7dxLYElTOfyiv3C12VRvUDMnqD9nDIlX8ViNhMdNjCmKB1ML'

const options = {
  method: 'GET',
  headers: {
    accept: 'application/json',
    authorization: 'Bearer sppk_SbFh2VKHsp1kxCss7dxLYElTOfyiv3C12VRvUDMnqD9nDIlX9ViNhMdNjCmKB1ML'
  }
};

fetch('https://api.spearmint.xyz/attestations/signature?address=0x1600cB2766558daF561593B3E8059b53D8118B45', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

API keys

Your API key allows Spearmint to attribute the request to your project and apply security restrictions and rate limits to help protect your project.

There are two types of API keys: publishable and secret. Publishable keys have limited read-only scope to a subset of API methods and can be exposed client-side. Secret keys are more powerful and must be kept secure and only used on the server-side.

Each project comes with a Default key which has been created for you. You can rename this and modify the key properties as you please, as well as create new API keys or delete them. You can create a maximum of 10 API keys per team.