Skip to main content
To ensure the highest level of security for our partners, Erysta uses a Dual-Layer Authentication system. You must complete both the API Key generation and the IP Whitelisting to successfully communicate with our servers..

1. Managing your API Keys

The API Key is your primary credential. It must be passed in the header of every request.
1

Generate your Key

Navigate to your Profile and select the Business tab. Under the API Access section, click on Generate. You will be asked to provide a name for the key. We recommend using a descriptive name (e.g., “Main-Production-Server”) to easily identify its purpose later.
2

Secure Storage (One-Time Display)

Once you click Create, your full API Key will be displayed.
This is the only time the full key will ever be shown. > You must copy and store it immediately in a secure environment (such as a Secret Manager or a password manager). Our system does not store the plain-text key for security reasons.
3

Step 3: Identification & Management

After closing the generation modal, you can manage your keys in the dashboard. For your convenience and security, only the last 4 characters of each key are displayed. This allows you to identify which key is being used by which of your services without exposing the full credential. You can revoke (delete) a key at any time if you suspect it has been compromised.

2. Access Control (IP Whitelisting)

As an additional security layer, our API only accepts requests originating from pre-authorized network addresses.
1

Authorize your Infrastructure

In the same API Access tab, locate the IPs Whitelist section. Every server or environment that needs to call the Erysta API must have its public IP address added here.
2

Network Compatibility

We provide full support for both IPv4 and IPv6 addresses. Ensure you add the specific public IP of your server and not a local or internal network address. If your infrastructure uses multiple exit nodes, you must whitelist each unique IP address.

Technical Implementation

Every request to the Erysta API must be signed with your security credentials. Use the following header to identify your service.
HeaderValueDescription
x-api-key<YOUR_API_KEY>Your unique secret API key generated in the dashboard.
curl --request GET \
  --url https://api.erysta.com/v1/partners/products \
  --header 'x-api-key: YOUR_API_KEY_HERE'