The Qredo API and Partner API are being deprecated and will be replaced by a breaking change in Q4. To receive updates about the release, register here.
Qredo Logo

Qredo API


Deprecation Notice

The Qredo API will be deprecated and replaced by Qredo API v2 in Q4 2023.

Web App v1/v2

The new Qredo Web App v2 is now available! If you're using the Qredo API, you'll be migrated to the new Web App once the new Qredo API v2 is available. Right now you'll be temporarily redirected to the legacy Web App — Qredo Web App v1. All UI steps and concepts mentioned in this section match the legacy Web App.


Service overview

The Qredo API allows you to apply granular control over who may programmatically create and approve Web3 transactions and access reporting data.

API keys control access to the service. This allows you to provide the keys to your selected trusted parties.

Furthermore, such keys can be assigned to the entity-level of your choice:

  • Organization
  • Wallet

Who uses Qredo API?

Companies and developers requiring a programmatic integration with Qredo to implement intuitive white-label and dApp integrations to transact over Web3.


The Qredo API v1 currently provides two services that have different requirements for use:

  • Web3 API Wallet

    Supporting broadcast-ready transaction creation, approval, signing, and status updates.

  • Read-only

    Reporting service.

API features

Qredo Services provide a standard RESTful web service that uses HTTPS. All payloads and responses are in JSON format.

API environments and Base URLs

Two API environments are available:

1. Production: the live environment

Production base URL:

2. Sandbox: the experience in the Sandbox mirrors Production. However, you can only use testnet assets in the Sandbox.

Sandbox base URL:

You can always restore your account from Master Seed, as described in this tutorial: Restore from Master Seed

Please note that if you're recovering a Sandbox account, in the Step 5 you need to append the following to your email: @

For example: [email protected]@


You should generate an API key and API secret pair.

The API key authenticates your API user, and the API secret is used to sign and encrypt every API request.

Further information

API requests

The API requests use standard HTTP methods: GET, PUT, POST, and DELETE. Every request submitted to the API must be signed and encrypted using the HMAC-SHA256 hashing algorithm. This provides request integrity and adds a security layer for authorizing with the API service.

Request headers

All API resources use the same header format.

With every API request, you must supply the following headers:

accept: application/jsonAll payloads are in JSON
qredo-api-sigThe unique signature generated for each API request (including the JSON payload where applicable)
qredo-api-tsThe signature timestamp
qredo-api-keyThe API key as generated by the user in the Qredo Web App

Headers are excluded from examples

In this guide, the request headers are usually omitted in examples. You will need to generate and pass the signature and timestamp with each API call. To facilitate your understanding and use of signatures, Qredo provides a dedicated example tool to sign and timestamp your requests.

Request examples

In the API specification, requests are presented as curl requests, e.g.:

curl -X GET

The body of each request (if applicable) is presented as uncompressed JSON.

API responses

Responses use standard HTTP codes to indicate status and errors. Data is returned in JSON format unless the endpoint specifically serves to provide a specialized payload, e.g., .csv.

Response examples

In the API specification, the return data in each response is presented as formatted JSON. For example, the return body of GET /balance is structured as follows:

  "assets": [
      "BTC": {
        "total": 1000,
        "available": 980,
        "pendingIn": 20,
        "pendingOut": 0,
        "scale": 1
      "ETH": {
        "total": 2000,
        "available": 1500,
        "pendingIn": 500,
        "pendingOut": 0,
        "scale": 1

Personal vs. Organizational Accounts

Qredo API v1 responses are returned on a by-key basis. For example, you may be linked to one (or more) Organizations via your Personal Qredo Account. However, the Qredo API v1 returns data according to the API key used, i.e., each call is specific to one Account.

If you use a Personal Account API key, your API call returns data regarding that Personal Account. Similarly, when you are using the API key of an Organizational Account, all details and API actions relate to that Organizational Account only.

Granular control

API keys may provide a level of access below the Account level. Such granular access is a key component of the customizable nature of Qredo's custody layer.