API Keys
API keys authenticate your requests to the SanctionsWise API. This guide covers how to generate, manage, and secure your API keys.
Overview​
Each API key:
- Is unique to your account
- Should be kept secret
- Can be revoked at any time
- Starts with the prefix
sw_
Generating an API Key​
Step 1: Navigate to API Keys​
- Log in to your dashboard
- Select SanctionsWise from the product selector
- Click API Keys in the navigation menu
Step 2: Create New Key​
- Click Generate New Key
- Enter a description for the key (e.g., "Production Screening", "Development")
- Click Generate
Step 3: Copy Your Key​
Important: Your API key is only shown once. Copy it immediately and store it securely.
- Click the Copy button next to the key
- Store the key in a secure location (e.g., environment variables, secrets manager)
- Click Done
Example API key format:
sw_27e680a548892aa44e700e097b946056
Using Your API Key​
Include your API key in the x-api-key header with every request:
curl -X POST "https://api.sanctionswise.orchestraprime.ai/v1/screen/entity" \
-H "x-api-key: sw_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "John Smith",
"entity_type": "individual"
}'
Python Example​
import requests
headers = {
"x-api-key": "sw_YOUR_API_KEY",
"Content-Type": "application/json"
}
response = requests.post(
"https://api.sanctionswise.orchestraprime.ai/v1/screen/entity",
headers=headers,
json={
"name": "John Smith",
"entity_type": "individual"
}
)
JavaScript Example​
const response = await fetch(
"https://api.sanctionswise.orchestraprime.ai/v1/screen/entity",
{
method: "POST",
headers: {
"x-api-key": "sw_YOUR_API_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
name: "John Smith",
entity_type: "individual"
})
}
);
Viewing Your Keys​
The API Keys page shows all your active keys:
| Column | Description |
|---|---|
| Key ID | First 8 characters of the key (for identification) |
| Description | Your description for the key |
| Created | When the key was generated |
| Last Used | Last time the key was used (if tracked) |
| Actions | Revoke button |
Note: The full key is never shown after creation for security reasons.
Revoking an API Key​
To revoke a key that's no longer needed or may have been compromised:
- Navigate to API Keys
- Find the key you want to revoke
- Click the Revoke button
- Confirm by clicking Yes, Revoke
Warning: Revoking a key is immediate and permanent. Any applications using that key will stop working.
Key Limits​
| Tier | Max Active Keys |
|---|---|
| Free | 2 |
| Starter | 5 |
| Professional | 10 |
| Enterprise | 25 |
Security Best Practices​
Do​
- Store keys in environment variables or a secrets manager
- Use different keys for development and production
- Rotate keys periodically (every 90 days recommended)
- Revoke unused keys immediately
Don't​
- Commit keys to version control (Git, etc.)
- Share keys in plain text (email, chat, etc.)
- Embed keys in client-side code (JavaScript in browsers)
- Use the same key across multiple environments
Environment Variables Example​
# Set the environment variable
export SANCTIONSWISE_API_KEY="sw_YOUR_API_KEY"
# Use in your application
import os
api_key = os.environ.get("SANCTIONSWISE_API_KEY")
Troubleshooting​
"Invalid API Key" Error​
If you receive a 401 error with "Invalid API key":
- Verify the key is copied correctly (no extra spaces)
- Check the key hasn't been revoked
- Ensure you're using the correct header name (
x-api-key)
"Rate Limit Exceeded" Error​
If you receive a 429 error:
- Check your tier's rate limit
- Implement exponential backoff in your code
- Consider upgrading your tier if you need higher limits
Key Not Working After Generation​
- Wait a few seconds - keys activate immediately but propagation may take a moment
- Verify you copied the full key
- Try generating a new key if the issue persists