Skip to main content

Authentication

Coinsnap WordPress plugins authenticate using an API key and Store ID. These credentials are stored in the WordPress database via the plugin settings page and injected into each API request.

How it works

The plugin sends your API key as the x-api-key header on every request to the Coinsnap API:

POST https://app.coinsnap.io/api/v1/stores/{storeId}/invoices
x-api-key: cs_live_xxxxxxxxxxxxxxxxxxxx
Content-Type: application/json

The Store ID is part of every API URL — it identifies which of your Coinsnap stores the invoice belongs to.

Where credentials are stored

Plugin settings are stored in the WordPress wp_options table under these keys:

Option keyValue
coinsnap_api_keyYour Coinsnap API key
coinsnap_store_idYour Coinsnap Store ID
coinsnap_webhookArray with id, secret, and url (auto-managed by plugin)

The plugin reads them at runtime via:

$api_key  = get_option('coinsnap_api_key');
$store_id = get_option('coinsnap_store_id');
$webhook  = get_option('coinsnap_webhook'); // ['id' => ..., 'secret' => ..., 'url' => ...]

These are set in WooCommerce → Settings → Bitcoin & Lightning (global plugin settings), not in the individual payment gateway settings.

Security considerations

  • API key permissions — create a dedicated API key for your WordPress integration with the minimum required permissions (invoice creation, webhook registration)
  • Do not hardcode credentials — always use the plugin settings UI, not wp-config.php or theme files
  • HTTPS required — credentials are transmitted in request headers; always use HTTPS

Rotating your API key

If your API key is compromised:

  1. Go to Coinsnap Dashboard → Settings → Store
  2. Click Regenerate API Key
  3. Update the new key in your plugin settings (WooCommerce → Settings → Bitcoin & Lightning)

No orders or webhooks are affected — only new API requests use the key.

Multiple WordPress sites

Each WordPress installation should use its own API key. This allows you to revoke access for a single site without affecting others.

Create a separate key for each site in Coinsnap Dashboard → Settings → Store → API Keys.