Skip to main content
GET
/
auth
/
derive-api-key
Derive an existing API key (L1)
curl --request GET \
  --url https://clob.kuest.com/auth/derive-api-key \
  --header 'KUEST_ADDRESS: <kuest_address>' \
  --header 'KUEST_NONCE: <kuest_nonce>' \
  --header 'KUEST_SIGNATURE: <kuest_signature>' \
  --header 'KUEST_TIMESTAMP: <kuest_timestamp>' \
  --header 'X-Chain-Id: <x-chain-id>'
{
  "key": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "secret": "<string>",
  "passphrase": "<string>"
}
Return deterministic API credentials for an address/nonce pair that already exists. Use this when you previously created a key and want to re-derive it with the same L1 signature payload.
This endpoint requires the L1 header. Provide KUEST_ADDRESS, KUEST_SIGNATURE, KUEST_TIMESTAMP, and KUEST_NONCE.

Required headers

HeaderDescription
KUEST_ADDRESSPolygon address that controls the wallet signing the request.
KUEST_SIGNATUREEIP-712 signature authorizing the derivation.
KUEST_TIMESTAMPCurrent Unix timestamp (seconds).
KUEST_NONCEMonotonic nonce tied to the signature.
If no API key exists for the supplied address/nonce, the request responds with 404.

Headers

KUEST_ADDRESS
string
required

Checksummed wallet address performing the request.

KUEST_SIGNATURE
string
required

EIP-712 signature for the L1 challenge payload.

KUEST_TIMESTAMP
string
required

Millisecond epoch timestamp (string) used for freshness checks.

KUEST_NONCE
string
required

Unsigned 256-bit nonce value represented as a decimal string.

X-Chain-Id
integer<int64>
required

EVM chain ID used for the signature domain.

Response

Deterministic API key trio

key
string<uuid>
required

Deterministic UUID v4 identifier for the API key.

secret
string
required

Base64 encoded secret used for HMAC L2 signatures.

passphrase
string
required

64-character hexadecimal passphrase paired with the API key.