Use a workspace API key to hit the Onstacks API. Send the key in the Authorization header on every
protected request.
Base URL
export ONSTACKS_API_URL="https://api.onstacks.io"
Authenticate requests
export ONSTACKS_API_KEY="osk_test_..."
Authorization: Bearer osk_test_...
Make your first request
Check service readiness
Health endpoints do not require an API key.curl "$ONSTACKS_API_URL/readyz"
List wallets
Use environment=sandbox while testing.curl "$ONSTACKS_API_URL/v1/wallets?environment=sandbox" \
-H "Authorization: Bearer $ONSTACKS_API_KEY"
Create a wallet
curl -X POST "$ONSTACKS_API_URL/v1/wallets?environment=sandbox" \
-H "Authorization: Bearer $ONSTACKS_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Operating wallet"
}'
Create a transfer preview
Preview a withdrawal before creating a transfer.curl -X POST "$ONSTACKS_API_URL/v1/wallets/$WALLET_ID/withdrawal/preview?environment=sandbox" \
-H "Authorization: Bearer $ONSTACKS_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"network_code": "ethereum_sepolia",
"asset": "USDC",
"amount": "1000000",
"to_address": "0xabc..."
}'
Treat API keys like passwords. Store them server-side and never expose live keys in browser code.
