API Keys & Access Keys

API Keys: Secret Acess Key vs Public Access Key

The Secret Access Key or sak_and the Public Access Key or pak_have distinct permission roles to accommodate many Lightning Network use cases client side and server side.

Secret Access Key: The sak_ is intended to be used SERVER SIDE only, and is meant to be as secret as secret keys can get. This key has permission to perform ALL requests across the API.

If you intend to use the LNPay API only server side, you can disregard the Wallet Access Keys section below.

Public Access Key: The pak_ is intended to be used CLIENT SIDE only, and is intended to be paired with a Wallet Access Key (wak) The pak_ is essentially serves as an account identifier, while the Wallet Access Keys provide a level of control over wallets. This dynamic is helpful for when you want to have wallets perform certain functions client side, but do not want to expose your entire LNPay account.

The Public Access Key cannot perform any LIST functions (list wallets, list transactions).

Wallet Access Keys

Each wallet has role-based permissioned access keys associated with it. The keys are generated on wallet create via the API or dashboard. They are only available via the API in the response from wallet create‌, and cannot be retrieved later via the API.

The purpose of these keys are to restrict use with client side applications. Browser side, in mobile apps, consumer hardware, etc.

These keys ARE intended to be exposed client side!

These keys should be used with the pak_ Public Access Key

Role

Prefix

Permissions

Example

Notes

Wallet Admin

waka_

wallet_deposit

wallet_read

wallet_transfer

wallet_tx_read

wallet_withdraw

waka_OkdGALaQ....

Wallet Invoice

waki_

wallet_deposit

wallet_tx_read

waki_oSjzkjVR...

Wallet Read

wakr_

wallet_read

wallet_tx_read

wakr_h1JTla...

Wallet LNURL Withdraw

waklw_

wallet_public_withdraw

wallet_read

wallet_withdraw

waklw_1Lldqo...

This key is used in public LNURL links

Permission Breakdown

Server Side
Client Side
Server Side

Function

Access Key

Wallet Key

Create Wallet

sak_

N/A

Retrieve Wallet

sak_

wal_

Generate Invoice

sak_

wal_

Pay Invoice

sak_

wal_

Keysend

sak_

wal_

Transfer

sak_

wal_

Transactions

sak_

wal_ optional

Client Side

Function

Access Key

Wallet Key

Create Wallet

N/A

N/A

Retrieve Wallet

pak_

waka_or wakr_

Generate Invoice

pak_

waka_or waki_

Pay Invoice

pak_

waka_

Keysend

pak_

waka_

Transfer

pak_

waka_

Wallet Transactions

pak_

waka_or wakr_