Authentication
All API requests must include your API key in the Authorization header.
API Key
Your API key is provided during onboarding. It is a 64-character hexadecimal string that uniquely identifies your organization.
Keep Your API Key Secure
Your API key provides full access to your account. Never share it publicly or commit it to version control. Treat it like a password.
Request Format
Include the API key in the Authorization header using the Bearer scheme:
Authorization: Bearer YOUR_API_KEYExample Request
curl -X GET "https://api.sproutfi.xyz/api/1/b2b/balance" \
-H "Authorization: Bearer a1b2c3d4e5f6...your_api_key...7890"Response Codes
| Code | Description |
|---|---|
0 | Success |
401 | Invalid or missing API key |
400 | Bad request (invalid parameters) |
500 | Server error |
Error Response
When authentication fails, you will receive:
{
"code": 401,
"msg": "invalid API key",
"data": null
}Security Best Practices
- Never share your API key - Treat it like a password
- Use environment variables - Don't hardcode the key in your source code
- Rotate keys if compromised - Contact Sprout support immediately
- Use HTTPS only - All API calls must use HTTPS
Need a New API Key?
If your API key has been compromised, contact your Sprout representative immediately to have it rotated.