Authentication
Coinsnap WordPress plugins authenticate using an API key and Store ID. These credentials are stored in the WordPress database via the plugin settings page and injected into each API request.
How it works
The plugin sends your API key as the x-api-key header on every request to the Coinsnap API:
POST https://app.coinsnap.io/api/v1/stores/{storeId}/invoices
x-api-key: cs_live_xxxxxxxxxxxxxxxxxxxx
Content-Type: application/json
The Store ID is part of every API URL — it identifies which of your Coinsnap stores the invoice belongs to.
Where credentials are stored
Plugin settings are stored in the WordPress wp_options table under these keys:
| Option key | Value |
|---|---|
coinsnap_api_key | Your Coinsnap API key |
coinsnap_store_id | Your Coinsnap Store ID |
coinsnap_webhook | Array with id, secret, and url (auto-managed by plugin) |
The plugin reads them at runtime via:
$api_key = get_option('coinsnap_api_key');
$store_id = get_option('coinsnap_store_id');
$webhook = get_option('coinsnap_webhook'); // ['id' => ..., 'secret' => ..., 'url' => ...]
These are set in WooCommerce → Settings → Bitcoin & Lightning (global plugin settings), not in the individual payment gateway settings.
Security considerations
- API key permissions — create a dedicated API key for your WordPress integration with the minimum required permissions (invoice creation, webhook registration)
- Do not hardcode credentials — always use the plugin settings UI, not
wp-config.phpor theme files - HTTPS required — credentials are transmitted in request headers; always use HTTPS
Rotating your API key
If your API key is compromised:
- Go to Coinsnap Dashboard → Settings → Store
- Click Regenerate API Key
- Update the new key in your plugin settings (WooCommerce → Settings → Bitcoin & Lightning)
No orders or webhooks are affected — only new API requests use the key.
Multiple WordPress sites
Each WordPress installation should use its own API key. This allows you to revoke access for a single site without affecting others.
Create a separate key for each site in Coinsnap Dashboard → Settings → Store → API Keys.