Skip to main content
Every Earn API endpoint requires an API key, passed on the X-API-Key header. Use the key issued when your organization was created, or contact the Turtle team if you need one. Store it securely.

Key types

There are two key types, distinguished by prefix. The publishable key (pk_live_) is safe in client-side and browser code. It covers read access to opportunities, deposit and wallet activity, and the verify endpoint. The secret key (sk_live_) is server-side only. It is required for write operations such as generating deposit and withdrawal transactions, creating memberships, and managing streams.
Never expose your sk_live_ key in client-side code, browsers, or public repositories. Treat it like a database password.

Publishable key

Secret key

Use this from your backend only. The example below builds a deposit, a write action that the publishable key cannot perform. See Deposit for the full request and response.

Rate limits

Rate limit state is returned in response headers. The budget is per key and resets hourly. When a limit is exceeded, the API returns 429 Too Many Requests.

Next steps

A valid key is only half of access control. Action endpoints also require the user’s wallet to be a registered Turtle member. See Register Wallet for the membership flow.