Qredo API
Introduction
Deprecation Notice
The Qredo API will be deprecated and replaced by Qredo API v2 in Q4 2023.
Web App v1/v2
The new Qredo Web App v2 is now available! If you're using the Qredo API, you'll be migrated to the new Web App once the new Qredo API v2 is available. Right now you'll be temporarily redirected to the legacy Web App — Qredo Web App v1. All UI steps and concepts mentioned in this section match the legacy Web App.
TL;DR
- Qredo API v1 is a REST-ful Open API 3 service
- It provides two main services: Web3 API Wallet and Read-only API
- To use it, you need to authenticate and sign requests
- Production and Sandbox environments are available
- Personal and organizational accounts are available
- Get started here
Service overview
The Qredo API allows you to apply granular control over who may programmatically create and approve Web3 transactions and access reporting data.
API keys control access to the service. This allows you to provide the keys to your selected trusted parties.
Furthermore, such keys can be assigned to the entity-level of your choice:
- Organization
- Wallet
Who uses Qredo API?
Companies and developers requiring a programmatic integration with Qredo to implement intuitive white-label and dApp integrations to transact over Web3.
Versions
The Qredo API v1 currently provides two services that have different requirements for use:
Supporting broadcast-ready transaction creation, approval, signing, and status updates.
Reporting service.
API features
Qredo Services provide a standard RESTful web service that uses HTTPS. All payloads and responses are in JSON format.
API environments and Base URLs
Two API environments are available:
1. Production: the live environment
Production base URL:
https://api.qredo.network/qapi/v1/
2. Sandbox: the experience in the Sandbox mirrors Production. However, you can only use testnet assets in the Sandbox.
Sandbox base URL:
https://sandbox-api.qredo.network/qapi/v1
You can always restore your account from Master Seed, as described in this tutorial: Restore from Master Seed
Please note that if you're recovering a Sandbox account, in the Step 5 you need to append the following to your email: @https://sandbox.qredo.network/api/v1/
For example: [email protected]@https://sandbox.qredo.network/api/v1/
Authentication
You should generate an API key and API secret pair.
The API key authenticates your API user, and the API secret is used to sign and encrypt every API request.
Further information
API requests
The API requests use standard HTTP methods: GET, PUT, POST, and DELETE. Every request submitted to the API must be signed and encrypted using the HMAC-SHA256 hashing algorithm. This provides request integrity and adds a security layer for authorizing with the API service.
Request headers
All API resources use the same header format.
With every API request, you must supply the following headers:
| Header | Description |
|---|---|
accept: application/json | All payloads are in JSON |
qredo-api-sig | The unique signature generated for each API request (including the JSON payload where applicable) |
qredo-api-ts | The signature timestamp |
qredo-api-key | The API key as generated by the user in the Qredo Web App |
Headers are excluded from examples
In this guide, the request headers are usually omitted in examples. You will need to generate and pass the signature and timestamp with each API call. To facilitate your understanding and use of signatures, Qredo provides a dedicated example tool to sign and timestamp your requests.
Request examples
In the API specification, requests are presented as curl requests, e.g.:
curl -X GET https://api.qredo.network/qapi/v1/balance
The body of each request (if applicable) is presented as uncompressed JSON.
API responses
Responses use standard HTTP codes to indicate status and errors. Data is returned in JSON format unless the endpoint specifically serves to provide a specialized payload, e.g., .csv.
Response examples
In the API specification, the return data in each response is presented as formatted JSON. For example, the return body of GET /balance is structured as follows:
{
"assets": [
{
"BTC": {
"total": 1000,
"available": 980,
"pendingIn": 20,
"pendingOut": 0,
"scale": 1
}
},
{
"ETH": {
"total": 2000,
"available": 1500,
"pendingIn": 500,
"pendingOut": 0,
"scale": 1
}
}
]
}
Personal vs. Organizational Accounts
Qredo API v1 responses are returned on a by-key basis. For example, you may be linked to one (or more) Organizations via your Personal Qredo Account. However, the Qredo API v1 returns data according to the API key used, i.e., each call is specific to one Account.
If you use a Personal Account API key, your API call returns data regarding that Personal Account. Similarly, when you are using the API key of an Organizational Account, all details and API actions relate to that Organizational Account only.
Granular control
API keys may provide a level of access below the Account level. Such granular access is a key component of the customizable nature of Qredo's custody layer.