API Keys
Every request to the Coinsnap API (except the health check) must include an API key.
Creating an API key
- Log in to app.coinsnap.io
- Open Settings → Store
- Scroll to the API Keys section
- Enter a label (e.g. "Production", "WooCommerce") and click Create API key
- Copy the key from the table — you can return here at any time to copy it again
Finding your Store ID
Your Store ID is required for all store-scoped endpoints. You can find it:
- On the Settings → Store page (displayed as Coinsnap Store ID)
- In the URL when viewing your store:
app.coinsnap.io/stores/YOUR_STORE_ID/...
A Store ID looks like this:
7CVKXVxM7BtbkMEie8yoNeR8EetExpQhJUYEFY3ftfwR
Using the API key
Include it as a header in every request:
x-api-key: YOUR_API_KEY
Example:
curl https://app.coinsnap.io/api/v1/stores/YOUR_STORE_ID/invoices \
-H 'x-api-key: YOUR_API_KEY'
Scope
API keys are store-scoped. All API endpoints that operate on store resources require a storeId path parameter, and the key must belong to that store. A key from one store cannot access another store's data.
Security best practices
| Practice | Details |
|---|---|
| Never expose in frontend code | API keys grant full store access — keep them server-side only |
| Use environment variables | Store as COINSNAP_API_KEY, never hardcode in source files |
| Rotate if compromised | Delete the old key and create a new one from the dashboard |
| One key per integration | Use separate keys for staging and production |
Environment variables
.env
COINSNAP_API_KEY=cs_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
COINSNAP_STORE_ID=7CVKXVxM7BtbkMEie8yoNeR8EetExpQhJUYEFY3ftfwR
COINSNAP_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Node.js usage
const apiKey = process.env.COINSNAP_API_KEY;
const storeId = process.env.COINSNAP_STORE_ID;
PHP usage
$apiKey = getenv('COINSNAP_API_KEY');
$storeId = getenv('COINSNAP_STORE_ID');
Unauthenticated endpoint
The only endpoint that does not require an API key is the health check:
curl https://app.coinsnap.io/api/v1/health