Authentication

Signing a request

Innovaz uses API keys to authenticate all API calls. Depending on the type of application environment, the base API URL will be one of the following:

• Testnet: https://api-testnet.innovaz.io

• Mainnet: https://api.innovaz.io

Every API request must contain the following headers:

• X-API-Key - The API Key created from your Innovaz application.

• Authorization - This value should be set to Bearer <Access Token>. The access token is a Base64-encoded JSON Web Token (JWT).

JWT Structure

The payload field should contain the following fields:

• uri - The URI part of the request (e.g., /v1/common/chains).

• nonce - Unique number or string. Each API request needs to have a different nonce.

• iat - The time at which the JWT was issued, in seconds since Epoch.

• exp - The expiration time on and after which the JWT must not be accepted for processing, in seconds since Epoch. (Must be less than iat+30sec.)

• sub - The API Key.

• bodyHash - Hex-encoded SHA-256 hash of the raw HTTP request body.

The JWT must be signed with the Innovaz API secret key and the RS256 algorithm.

Authorization: Bearer <JWT>