API Keys & Access Keys
API Keys: Secret Acess Key vs Public Access Key
The Secret Access Key or sak_
and the Public Access Key or pak_
have distinct permission roles to accommodate many Lightning Network use cases client side and server side.
Secret Access Key: The sak_
is intended to be used SERVER SIDE only, and is meant to be as secret as secret keys can get. This key has permission to perform ALL requests across the API.
If you intend to use the LNPay API only server side, you can disregard the Wallet Access Keys section below.
Public Access Key: The pak_
is intended to be used CLIENT SIDE only, and is intended to be paired with a Wallet Access Key (wak
) The pak_
is essentially serves as an account identifier, while the Wallet Access Keys provide a level of control over wallets. This dynamic is helpful for when you want to have wallets perform certain functions client side, but do not want to expose your entire LNPay account.
The Public Access Key cannot perform any LIST functions (list wallets, list transactions).
Wallet Access Keys
Each wallet has role-based permissioned access keys associated with it. The keys are generated on wallet create via the API or dashboard. They are only available via the API in the response from wallet create, and cannot be retrieved later via the API.
The purpose of these keys are to restrict use with client side applications. Browser side, in mobile apps, consumer hardware, etc.
These keys ARE intended to be exposed client side!
These keys should be used with the pak_
Public Access Key
Role | Prefix | Permissions | Example | Notes |
Wallet Admin | waka_ | wallet_deposit wallet_read wallet_transfer wallet_tx_read wallet_withdraw | waka_OkdGALaQ.... | |
Wallet Invoice | waki_ | wallet_deposit wallet_tx_read | waki_oSjzkjVR... | |
Wallet Read | wakr_ | wallet_read wallet_tx_read | wakr_h1JTla... | |
Wallet LNURL Withdraw | waklw_ | wallet_public_withdraw wallet_read wallet_withdraw | waklw_1Lldqo... | This key does not need an API key in order to withdraw! |
Wallet LNURL Pay | waklp_ | wallet_deposit | waklp_Hh3u23..... | This is only for RECEIVING lnurlpay requests |
Permission Breakdown
This table breaks down when it is appropriate to use the API Key and Wallet Key combo
Function | API Key | Wallet Key |
N/A | N/A | |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
Last updated