Server-side API keys must be stored securely!Enable only the scopes you need, and no more, and do NOT expose your keys on the frontend of your app, or your github code repository.

Create a Server-side Key

Navigate to the API Keys section of the developer console and click the “Create new key” button in the server-side keys section.
create server-side API key in Crossmint developer console

Select Scopes

Production server-side keys follow a “view once” policyWhen you create a server-side API key in the production environment, the key secret will only be shown once during creation. After you close the dialog or navigate away, you will not be able to view the key secret again.
Within the modal that opens, toggle the required scopes on and click the “Create server key” button at the bottom. You may need to expand an accordion for the product area you’re working on to expose additional scope options.
select server-side API scopes in Crossmint developer console
You can determine the scopes you need by visiting the API reference page for the API(s) you need to interact with.

API Scopes

Complete list of available API scopes

API Reference

Detailed docs for all API endpoints

Using a Server-side Key

If you’re using the API Playground you can add your API key in the Authorization section and this will set it as a header when making the request.
Set x-api-key screenshotSet x-api-key screenshot
When calling the APIs from server-side code, you set the X-API-KEY header however the target language or library expects it. See some examples below: 
curl --request POST \
  --url https://staging.crossmint.com/api/v1-alpha1/wallets \
  --header 'Content-Type: application/json' \
  --header 'X-API-KEY: YOUR_API_KEY' \
  --data '{
  "email": "test@test.com",
  "chain": "polygon-amoy"
}'
All of the API routes in the API Reference include code examples for many popular programming languages.