API Authentication

The BlockchainAnalysis.io REST API uses Bearer token authentication. Every API request must include a valid API key in the Authorization header.

Obtaining an API Key

Log in to your BlockchainAnalysis.io dashboard.
Navigate to Account > API Keys.
Click Create New Key.
Give the key a descriptive name (e.g., "Production Backend", "Staging Server").
Copy the key immediately — it will not be shown again.

API keys are shown only once at creation time. Store them securely in your environment variables or secrets manager. If you lose a key, revoke it and create a new one.

Using the API Key

Include the key in the Authorization header of every request:

curl -X GET https://blockchainanalysis.io/api/v1/screening/wallet \
  -H "Authorization: Bearer ba_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"address": "0x742d35Cc6634C0532925a3b844Bc9e7595f4a9e"}'

Header Format

Authorization: Bearer <your-api-key>

All API keys are prefixed with ba_live_ (production) or ba_test_ (sandbox/test environment).

Key Management

Viewing Active Keys

Navigate to Account > API Keys to see all active keys. Each key shows:

Name — The label you assigned at creation
Created — Date and time the key was created
Last Used — Date and time of the most recent API call
Credits Used — Total API credits consumed by this key

Revoking a Key

Go to Account > API Keys.
Click the Revoke button next to the key you want to deactivate.
Confirm the revocation.

Revoking a key is immediate and irreversible. Any application using the revoked key will receive 401 Unauthorized responses.

Key Limits

| Plan | Max Active Keys | |------|----------------| | Starter | 1 | | Professional | 5 | | Enterprise | 25 |

Security Best Practices

Never hardcode API keys in source code. Use environment variables or a secrets manager.
Rotate keys periodically — Create a new key, update your applications, then revoke the old key.
Use separate keys for different environments (production, staging, development).
Monitor usage — Check the API Keys page regularly for unexpected activity.
Restrict access — Only share API keys with team members who need them.

Error Responses

| Status Code | Error | Description | |------------|-------|-------------| | 401 | unauthorized | Missing or invalid API key | | 403 | forbidden | API key is valid but does not have permission for this endpoint | | 429 | rate_limited | Too many requests — see Rate Limits |

Next Steps

API Endpoints — Full endpoint reference.
Credit Tiers — Understand API credit pricing.
Rate Limits — Rate limiting and error handling.