Skip to content

Authentication

Learn how to authenticate with the Circuit KYC Network API.

API Keys

All API requests require authentication using an API key. Include your key in the X-API-Key header:

curl -H "X-API-Key: sk_sandbox_your-key" \
  https://sandbox.circuit-kyc.com/api/v1/check-eligibility

Key Types

Environment Use Case
Sandbox Development & testing
Production Live customer data

Your key type is automatically detected based on its prefix.

Keep Keys Secret

Never expose API keys in client-side code, version control, or logs.

Environments

Environment Base URL Purpose
Sandbox https://sandbox.circuit-kyc.com Testing without real data
Production https://api.circuit-kyc.com Live operations

Sandbox vs Production

Sandbox: - Free test credits included - Uses simulated data - No real KYC network access - Perfect for development

Production: - Real network data - Actual credit charges - Subject to compliance requirements - Full rate limits apply

Managing API Keys

Creating Keys

  1. Log in to your dashboard
  2. Navigate to Settings → API Keys
  3. Click Create New Key
  4. Choose environment (sandbox/production)
  5. Copy and store the key securely

Rotating Keys

For security, rotate your API keys periodically:

  1. Create a new key
  2. Update your application to use the new key
  3. Test thoroughly
  4. Delete the old key

Zero-Downtime Rotation

Keep both keys active during transition to avoid service interruption.

Revoking Keys

To revoke a compromised key immediately:

  1. Go to Settings → API Keys
  2. Find the key to revoke
  3. Click Revoke
  4. Confirm the action

The key is invalidated immediately.

SDK Authentication

SDKs handle authentication automatically:

from circuit_kyc import CircuitClient

# Key is automatically included in all requests
client = CircuitClient(api_key="sk_sandbox_your-key")

import { CircuitClient } from '@circuit-kyc/sdk';

const client = new CircuitClient({ apiKey: 'sk_sandbox_your-key' });

Error Handling

401 Unauthorized

{
  "detail": "Invalid or expired API key"
}

Causes: - Invalid API key - Expired/revoked key - Wrong environment (sandbox key with production URL)

Solution: - Verify your API key is correct - Check you're using the right environment - Generate a new key if compromised

Best Practices

  1. Use environment variables 

    export CIRCUIT_API_KEY="sk_sandbox_..."

  2. Separate keys per environment

  3. Development: sandbox key
  4. Staging: sandbox key

  5. Production: production key

  6. Rotate regularly

  7. Rotate keys every 90 days

  8. Rotate immediately if compromised

  9. Monitor usage

  10. Check dashboard for unusual activity
  11. Set up alerts for failed authentications