How to authenticate your BuyCoins API requests

To authenticate API requests, you need to generate your keys by going to the API Settings screen on BuyCoins.

Two keys will be generated:

  1. Public Key: Think of this as a username. It's how BuyCoins knows which user is attempting to make a request.

  2. Secret Key: Think of this as a password. BuyCoins never stores your Secret Key, we only generate it and display it you ONCE. Copy & keep your secret key in a secure place (e.g Environment Variables).

To authenticate your GraphQL request, you need to use Basic Authentication with the Public Key as username and the Secret Key as password.

Basic Authentication Primer

  • username (Public Key) and password (Secret Key) are concatenated into a single string: username:password

  • This string is encoded with Base64

  • The Basic keyword is put before this encoded value and shall result in something like this: Basic am9objpzZWNyZXQ=

  • The entire string should be added to the header of the request with the key Authorization

curl --header "Authorization: Basic am9objpzZWNyZXQ="

How to Authenticate with GraphQL

Most GraphQL client libraries have some way to add headers to all your requests. Here's a JavaScript example with Apollo Boost

const ApolloClient = require('apollo-boost').default;
const authValue = 'Basic ' + Buffer.from(process.env.BUYCOINS_PUBLIC_KEY + ':' + process.env.BUYCOINS_SECRET_KEY).toString('base64');
const client = new ApolloClient({
uri: process.env.BUYCOINS_GRAPHQL_API,
fetch: fetch,
headers: {
authorization: authValue