recurrbaserecurrbase docs
HomeSubscribeDashboardAPI

API Keys Overview

API keys allow server-side access to RecurrBase.

  • Keys are generated in dashboard

  • Keys can have scopes:

    • READ_ONLY

    • SUBSCRIPTIONS_MANAGE

    • FULL

Never expose API keys in client-side code. API keys should only be used in server-side environments.

Generate Key

POST /api-keys
{
  "label": "my backend",
  "scopes": ["FULL"]
}

Response:

{
  "key": "rbk_xxxxx..."
}

This is the only time the full key is returned. Store it securely immediately.

Using API Keys

Include the API key in the Authorization header:

Authorization: Bearer rbk_xxxxx...

Example with curl:

curl -H "Authorization: Bearer rbk_xxxxx..." \
  https://api.recurrbase.xyz/subscriptions/status?address=0x...

Key Scopes

  • READ_ONLY - Can read subscription status
  • SUBSCRIPTIONS_MANAGE - Can manage subscriptions
  • FULL - Full access to all endpoints

See Scopes for details.

Security

  • Store API keys in environment variables
  • Never commit keys to version control
  • Rotate keys regularly
  • Revoke unused keys

Use the principle of least privilege. Only grant the minimum scope needed for your use case.

See Managing Keys.