Skip to main content
POST
/
auth
/
api-key
Derive or create an API key (L1)
curl --request POST \
  --url https://clob.kuest.com/auth/api-key \
  --header 'KUEST_ADDRESS: <kuest_address>' \
  --header 'KUEST_NONCE: <kuest_nonce>' \
  --header 'KUEST_SIGNATURE: <kuest_signature>' \
  --header 'KUEST_TIMESTAMP: <kuest_timestamp>' \
  --header 'X-Chain-Id: <x-chain-id>'
{
  "key": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "secret": "<string>",
  "passphrase": "<string>"
}
Generate a new set of Kuest API credentials using an L1 wallet signature.
You can also use the hosted console at auth.kuest.com to connect your wallet, mint credentials, view existing keys, or revoke them without crafting raw requests.
This endpoint requires the L1 header. Provide KUEST_ADDRESS, KUEST_SIGNATURE, KUEST_TIMESTAMP, and KUEST_NONCE. To credit a referral, include the optional KUEST_REFERRAL header.

Required headers

HeaderDescription
KUEST_ADDRESSPolygon address that controls the wallet signing the request.
KUEST_SIGNATUREEIP-712 signature authorizing the API key creation.
KUEST_TIMESTAMPCurrent Unix timestamp (seconds).
KUEST_NONCEMonotonic nonce tied to the signature.

Optional headers

HeaderDescription
KUEST_REFERRALReferral wallet address to credit, must be a 0x-prefixed Polygon address (for example, 0x1bc5698917fe6b0d10fa60b739c81854f808fdc2).

Response fields

FieldTypeDescription
keystringUUID v4 identifier for subsequent API requests (KUEST_API_KEY).
secretstringBase64-encoded secret (may include padding =) used to sign L2 requests; store securely.
passphrasestring64-character hex string sent with each L2 request (KUEST_PASSPHRASE).
The secret and passphrase are returned only once. Persist them securely—Kuest cannot recover these values later. To inspect keys later, use GET /auth/api-keys; to revoke, call DELETE /auth/api-key.

Headers

KUEST_ADDRESS
string
required

Checksummed wallet address performing the request.

KUEST_SIGNATURE
string
required

EIP-712 signature for the L1 challenge payload.

KUEST_TIMESTAMP
string
required

Millisecond epoch timestamp (string) used for freshness checks.

KUEST_NONCE
string
required

Unsigned 256-bit nonce value represented as a decimal string.

X-Chain-Id
integer<int64>
required

EVM chain ID used for the signature domain.

KUEST_REFERRAL
string

Optional wallet address (0x…) to credit as the referrer.

Response

Deterministic API key trio

key
string<uuid>
required

Deterministic UUID v4 identifier for the API key.

secret
string
required

Base64 encoded secret used for HMAC L2 signatures.

passphrase
string
required

64-character hexadecimal passphrase paired with the API key.