> For the complete documentation index, see [llms.txt](https://doc.paysats.exchange/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://doc.paysats.exchange/getting-started/api-keys.md).

# API keys

PaySats uses a **single tenant API key** as the credential across every integration surface:

* The HTTP `/v1` API, sent as `Authorization: Bearer <key>`
* `@paysats/sdk`, passed to `new PaysatsClient({ apiKey })`
* `@paysats/mcp`, read from the `PAYSATS_API_KEY` env var

{% hint style="danger" %}
**Never** ship an API key in a browser bundle, mobile binary, or public MCP configuration. All three surfaces are designed to be called from a **server you control**. The key authenticates **you** (the tenant), not an end user.
{% endhint %}

## Format

Keys look like:

```
pk_live_xxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

* `pk_live_` prefix is always present.
* The part before the `.` is the **key ID** (safe to log, useful for support).
* The part after the `.` is the **secret**. Treat it like a password.

## Getting a key

{% hint style="success" %}
**Ping us on Telegram at** [**@vibcrypto**](https://t.me/vibcrypto)**.** Fastest way to get a tenant API key during private beta.
{% endhint %}

PaySats is currently in **private beta**. To request a tenant API key, message [@vibcrypto](https://t.me/vibcrypto) on Telegram or email <code class="expression">space.vars.support\_email</code>. Include:

* The product / app you're integrating
* Expected monthly volume (approx local fiat)
* Which rails you need (Lightning, cbBTC, BTCB)
* Whether you want **bank** or **e-wallet** payouts (or both), and the target market (Indonesia / India / other)

## Where to store it

{% tabs %}
{% tab title="Node / server" %}
Environment variable, read at startup:

```bash
export PAYSATS_API_KEY="pk_live_xxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```

```ts
import { PaysatsClient } from "@paysats/sdk";

const client = new PaysatsClient({
  apiKey: process.env.PAYSATS_API_KEY!,
});
```

{% endtab %}

{% tab title="MCP (Cursor / Claude Desktop)" %}
In `~/.cursor/mcp.json` or `claude_desktop_config.json`, under `env`:

```json
{
  "mcpServers": {
    "paysats": {
      "command": "node",
      "args": ["/absolute/path/to/paysats/mcp/dist/index.js"],
      "env": {
        "PAYSATS_API_KEY": "pk_live_xxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}
```

The file is read only by your local MCP client. It never leaves your machine.
{% endtab %}

{% tab title="Railway / Docker" %}
As a service env var. Never check the value into git.

```bash
railway variables set PAYSATS_API_KEY="pk_live_xxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```

{% endtab %}
{% endtabs %}

## What the key can do

Every call with a valid tenant key can:

* Create off-ramp orders against **that tenant's** smart accounts and payout configuration
* Read back **only its own** orders (`GET /v1/offramp/orders` and `/:id` are scoped by `tenantId`)
* Query quotes, payout methods, deposit rails, and platform stats (these are effectively public but still require a valid key)

It **cannot**:

* See other tenants' orders
* Mint new API keys (that's a backend-only operator command)
* Change payout destinations of existing orders

## Rotating and revoking

* Key rotation is handled by PaySats ops via the backend `key:rotate` / `key:revoke` commands.
* If a key leaks, ping us on Telegram at [@vibcrypto](https://t.me/vibcrypto) or email <code class="expression">space.vars.support\_email</code> from the account of record. We revoke and reissue.
* Losing a secret is recoverable (rotate); losing the key ID is not sensitive.

Next: [Settlement quickstart](/getting-started/quickstart.md) · [HTTP API /v1](/developers/http-api.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://doc.paysats.exchange/getting-started/api-keys.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.