Cek Ceir

Authentication

Create API keys, scope access, and send authenticated requests securely.

Modified at Apr 28, 2026, 05:38 AM UTC

API authentication uses API keys. Each key belongs to an account and carries a selected set of permissions.

Need an API key?

Create an API key from the dashboard, then select the permissions your integration needs. Create API key

Use limited scope

Select the smallest permission set that works. For an order-only integration, do not also grant transfer or wallet ledger access.

RBAC and Permissions

API keys follow RBAC. Cek Ceir shows API-key access in the places where users make decisions:

The create form lists the permissions that can be granted to the key.
The key detail page shows the saved permission set, key status, expiry, last-used time, and webhook URL.
GET /api/me returns the effective permissions for the credential making the request.

When a key is valid but does not have access to the requested feature, the API returns 403.

Expired, disabled, deleted, or malformed keys return 401.

Create keys and send authenticated requests.

See how permission access is shown and checked.

Check whether a key can call authenticated APIs.

API Keys

Create and use API keys for server-to-server requests.