
Overview

Monei supports API key authentication.

API Key Authentication

The simplest and most common authentication method for server-side applications.

Getting Your API Key

1. Navigate to Dashboard

Go to monei.cc

2. Create New Key

Click Create New Key and provide:
  • Key name (for identification)
  • Environment (sandbox or production)
  • Permissions (optional scoping)

3. Save Securely

Copy your API key immediately - it won’t be shown again.
Store API keys in environment variables, never commit them to source control.

Using API Keys

Include your API key in the x-api-key header:
import MoneiSDK from 'monei-sdk';

const monei = new MoneiSDK({
  apiKey: process.env.MONEI_API_KEY,
});

// All requests will include the API key automatically
const account = await monei.user.getWallet();

API Key Permissions

Control what your API keys can access:
| Permission | Description | Use Case |
| --- | --- | --- |
| Read Only | View account and transaction data | Analytics dashboards |
| Transactions | Execute transactions | Payment processing |
| Account Management | Modify account settings | Admin operations |
| Full Access | All operations | Backend services |
Always use the minimum required permissions for each API key to enhance security.

Security Best Practices

Do:
  • Store keys in environment variables
  • Use different keys for development and production
  • Rotate keys regularly (every 90 days)
  • Use scoped permissions
  • Monitor key usage
Don’t:
  • Commit keys to version control
  • Share keys via email or chat
  • Use production keys in development
  • Hardcode keys in client-side code
Storage:
  • Server-side: Environment variables, secure vaults
  • Client-side: httpOnly cookies, secure storage APIs
  • Never in localStorage or sessionStorage
Transmission:
  • Always use HTTPS
  • Never include tokens in URLs
  • Use secure headers only
Lifecycle:
  • Implement token refresh before expiration
  • Clear tokens on logout
  • Revoke compromised tokens immediately
Transport:
  • Always use TLS 1.2 or higher
  • Verify SSL certificates
  • Use certificate pinning in mobile apps
Rate Limiting:
  • Implement client-side rate limiting
  • Handle 429 responses gracefully
  • Use exponential backoff
IP Whitelisting:
  • Restrict API access to known IPs (enterprise)
  • Use VPN for sensitive operations
Track:
  • All authentication attempts
  • Failed login attempts
  • API key usage patterns
  • Unusual activity
Alerts:
  • Multiple failed logins
  • API calls from new locations
  • Suspicious transaction patterns
  • Key usage spikes
Logging:
  • Log all authentication events
  • Monitor access patterns
  • Review logs regularly
  • Set up automated alerts

Authentication Errors

Common authentication errors and how to resolve them:
Cause: Invalid or missing credentials
Solutions:
  • Verify API key is correct
  • Check token hasn’t expired
  • Ensure proper header format
  • Confirm environment (sandbox vs production)
{
  "statusCode": 401,
  "message": "Invalid API key",
  "error": "Unauthorized"
}
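
A minimal client for the guidance above, as an added example rather than Monei SDK code: it sends the key only in the x-api-key header over HTTPS, treats 401 as non-retryable, and backs off on 429. The function names, the Retry-After handling and any URL passed in are assumptions, not part of the documented API.

```javascript
// Added example. All function names and the URL used with them are
// assumptions; the page documents only the x-api-key header and the 401 body.
const MAX_ATTEMPTS = 4;

// Build fetch options that carry the key only in the x-api-key header.
function buildRequest(url, apiKey) {
  if (!apiKey) throw new Error('MONEI_API_KEY is not set');
  const u = new URL(url);
  if (u.protocol !== 'https:') throw new Error('refusing non-HTTPS URL');
  // A key in the query string would be recorded by proxies and access logs.
  if ([...u.searchParams.values()].includes(apiKey)) {
    throw new Error('API key must not appear in the URL');
  }
  return { url: u.href, options: { headers: { 'x-api-key': apiKey } } };
}

// Exponential backoff capped at 8 s. A Retry-After value in seconds wins
// when the server sends one (assumption: the page does not say it does).
function backoffMs(attempt, retryAfter) {
  const hinted = Number(retryAfter);
  if (retryAfter && Number.isFinite(hinted) && hinted >= 0) return hinted * 1000;
  return Math.min(500 * 2 ** attempt, 8000);
}

// 401 means bad credentials, so retrying cannot help; 429 is retried.
function nextAction(status, attempt) {
  if (status === 401) return 'fail-auth';
  if (status === 429) return attempt + 1 < MAX_ATTEMPTS ? 'retry' : 'give-up';
  return status >= 200 && status < 300 ? 'ok' : 'fail';
}

// Mask the key for log lines: keep at most the last 4 characters.
const redact = (key) => (key.length > 8 ? '****' + key.slice(-4) : '****');

const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// fetchImpl and sleep are injectable so the loop can be exercised offline.
async function callApi(url, apiKey, fetchImpl = fetch, sleep = realSleep) {
  const { url: target, options } = buildRequest(url, apiKey);
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(target, options);
    const action = nextAction(res.status, attempt);
    if (action === 'ok') return res.json();
    if (action !== 'retry') {
      throw new Error(`HTTP ${res.status} (${action}), key ${redact(apiKey)}`);
    }
    await sleep(backoffMs(attempt, res.headers.get('retry-after')));
  }
}
```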

Environment Variables

Recommended environment variable structure:
# Monei API Configuration
MONEI_API_KEY=your_api_key_here
Never commit your .env file to version control. Add it to .gitignore.

Testing Authentication

Test your authentication setup:
import MoneiSDK from 'monei-sdk';

async function testAuthentication() {
  const monei = new MoneiSDK({
    apiKey: process.env.MONEI_API_KEY,
  });

  try {
    // Test API key authentication
    const account = await monei.user.getCurrentUser();
    console.log('✓ Authentication successful');
    console.log('Account ID:', account.id);
    console.log('KYC Tier:', account.kycInfo.currentTier);
    
    return true;
  } catch (error) {
    console.error('✗ Authentication failed:', error.message);
    return false;
  }
}

testAuthentication();

Next Steps

Core Concepts

Learn about wallets, transactions, and networks

Security Guidelines

Comprehensive security best practices

API Reference

Explore all available endpoints

Webhooks

Set up secure webhook integrations