Authentication

To use the Signet API, all requests must be authenticated using bearer tokens generated via your API key and secret. This process follows the OAuth2 Client Credentials Flow (machine-to-machine). If you use one of our SDKs, this is handled automatically.

Register & Set Up Your Developer Account

Before making any requests, you’ll need to create an API account. Once registered and logged in:

  • Go to Dashboard → API Settings
  • Click “Create New API Key”
  • Choose between Test or Production
    • Production requires submitting your bank details for billing purposes
  • You'll receive a key and secret
    • Copy and save the secret immediately; you won’t be able to view it again once the dialog closes

Generate a Bearer Token

Once you have your API Key and Secret, you can generate a bearer token by sending a POST request to our authentication endpoint:

curl -X POST http://api.getsignet.xyz/dpop/v1/api/generate-token \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "YOUR_API_KEY",
    "apiSecret": "YOUR_API_SECRET"
  }'

This returns:

{
  "success": true,
  "message": "Access token generated successfully.",
  "data": {
    "credentials": {
      "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "tokenType": "Bearer"
    },
    "expiration": {
      "expiresIn": "1h",
      "expiresAt": "2025-09-26T11:29:08.041Z",
      "refreshExpiresIn": "1d"
    },
    "usage": {
      "format": "Bearer {accessToken}",
      "scope": "development"
    }
  }
}

Use this accessToken in your API calls.

Make Authenticated Requests

Include the bearer token in the Authorization header for any API request:

curl -X GET "http://api.getsignet.xyz/fraud/v1/blacklist/users" \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

⚠️ Tokens expire after 1 hour. You’ll need to refresh them manually unless you’re using an SDK.

If the bearer token has expired or is not provided, you will receive this response:

{
    "success": false,
    "message": "Authorization header missing or malformed",
    "errors": {
        "authorization": {
            "code": "missing_header",
            "reason": "Authorization header is required and must use Bearer scheme"
        }
    }
}

Use an SDK (Recommended)

Signet SDKs handle token generation, refreshing, and error handling for you — so you can skip the manual setup and focus on integration.

Manual Token Refresh (Optional)

When your access token expires, you can obtain a new one by sending a POST request with your API key and refresh token to the refresh endpoint:

curl -X POST http://api.getsignet.xyz/dpop/v1/api/refresh-token \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "YOUR_API_KEY",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

This returns:

{
  "success": true,
  "message": "Access token generated successfully.",
  "data": {
    "credentials": {
      "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "tokenType": "Bearer"
    },
    "expiration": {
      "expiresIn": "1h",
      "expiresAt": "2025-09-26T11:29:08.041Z",
      "refreshExpiresIn": "1d"
    },
    "usage": {
      "format": "Bearer {accessToken}",
      "scope": "development"
    }
  }
}
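The manual flow above (generate a token, reuse it until shortly before `expiresAt`, then refresh), sketched as an added example that is not Signet SDK code or code from this page. The `post(url, payload)` callable (any HTTP client wrapper that returns the parsed JSON body), the `SIGNET_API_KEY` / `SIGNET_API_SECRET` variable names, and a rejected refresh returning `"success": false` are assumptions.

```python
import os
from datetime import datetime, timedelta, timezone

BASE = "http://api.getsignet.xyz/dpop/v1/api"  # endpoint base as shown on this page


class TokenManager:
    """Caches the access token and renews it shortly before expiresAt."""

    def __init__(self, post, api_key, api_secret, skew=timedelta(seconds=60),
                 now=lambda: datetime.now(timezone.utc)):
        # post(url, payload) -> dict is a hypothetical transport supplied by the caller.
        self._post, self._key, self._secret = post, api_key, api_secret
        self._skew, self._now = skew, now
        self._access = self._refresh = self._expires_at = None

    def _store(self, body):
        if not body.get("success"):
            raise RuntimeError(body.get("message", "token request failed"))
        creds, exp = body["data"]["credentials"], body["data"]["expiration"]
        self._access, self._refresh = creds["accessToken"], creds["refreshToken"]
        # expiresAt is ISO 8601 with a trailing Z, e.g. 2025-09-26T11:29:08.041Z
        self._expires_at = datetime.fromisoformat(exp["expiresAt"].replace("Z", "+00:00"))

    def _generate(self):
        self._store(self._post(f"{BASE}/generate-token",
                               {"apiKey": self._key, "apiSecret": self._secret}))

    def auth_header(self):
        """Return the Authorization header, renewing the token when needed."""
        if self._access is None:
            self._generate()
        elif self._now() >= self._expires_at - self._skew:
            try:
                self._store(self._post(f"{BASE}/refresh-token",
                                       {"apiKey": self._key, "refreshToken": self._refresh}))
            except RuntimeError:
                # Assumed failure shape: refresh rejected (e.g. past refreshExpiresIn),
                # so fall back to a full key + secret exchange.
                self._generate()
        return {"Authorization": f"Bearer {self._access}"}


def from_env(post):
    # Hypothetical variable names; the secret stays out of source code.
    return TokenManager(post, os.environ["SIGNET_API_KEY"], os.environ["SIGNET_API_SECRET"])
```

The API secret is sent only on the first call and on the fallback path; routine renewals use the refresh token.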

Security Best Practices

  • Treat your API secret like a password — store it securely
  • Use environment variables in your code
  • Rotate keys regularly
  • Avoid exposing keys or tokens in frontend code
