Skip to main content
The Myaza API supports two authentication methods depending on your use case. API keys are the primary auth method for backend integrations. Pass your key in every request using the X-API-Key header.
API keys are managed exclusively through the Myaza Dashboard. Creating, viewing, and revoking API keys is not available via the public API. Go to posapp.myaza.coSettings → API Keys to manage your keys.
curl https://myaza-blockchain-core.onrender.com/api/v1/crypto/wallets/generate \
  -H "X-API-Key: ak_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"chain": "polygon"}'

Getting an API Key

  1. Log in to the Myaza Dashboard
  2. Go to Settings → API Keys
  3. Click Generate New Key
  4. Copy the key — it is only shown once
API keys are shown only once at creation. Store them securely in environment variables, not in source code. If you lose a key, you must generate a new one from the dashboard.

API Key Scopes

When creating an API key in the dashboard, choose the appropriate scope:
ScopeDescription
readCan read data (balances, transactions, webhooks)
writeCan read and write data (transfers, wallet generation, POS sessions)

Key Restrictions (Optional)

You can further restrict API keys from the dashboard:
  • IP Whitelist — limit usage to specific IP addresses
  • Rate Limit — cap requests per minute
  • Permissions — restrict to specific resources (e.g., crypto:read, staking:stake)

JWT Bearer Token (For User Sessions)

For user-facing flows (dashboards, admin panels), authenticate with email/password and use the returned JWT.

Login

curl -X POST https://myaza-blockchain-core.onrender.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@yourcompany.com",
    "password": "YourPassword123!"
  }'
Response
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "tokenType": "Bearer",
  "account": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "email": "admin@yourcompany.com"
  }
}

Using the JWT

Pass the token in the Authorization header: 
curl https://myaza-blockchain-core.onrender.com/api/v1/auth/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
JWTs are short-lived. When they expire, log in again to obtain a new token.

Choosing the Right Method

Use CaseMethodWhere to get credentials
Backend server calling the APIAPI KeyMyaza Dashboard → Settings → API Keys
CI/CD pipelines, cron jobsAPI KeyMyaza Dashboard → Settings → API Keys
Admin dashboard loginJWTPOST /auth/login with your email & password

Security Best Practices

  • Never hardcode API keys in source code — use environment variables
  • Rotate API keys regularly
  • Use the minimum scope needed (read unless writes are required)
  • Set IP whitelisting for production keys
  • Set expiration dates on API keys
  • Revoke unused keys immediately from the dashboard