2. Getting your API key

Getting your Bond Studio API identity and authorization keys.

Before you begin

First, you need to Sign up to Bond Studio in the Bond API Reference.


What is your API key used for?

An API key is used in requests from your Bond Studio account to the Bond Studio APIs. The key identifies your Bond Studio account, not the individual brand team member who generated it. When you generate an API key, all members of your Bond Studio account can use it.

You can use the same API key to access all APIs. For incoming requests, Bond Studio APIs require authentication using both the identity and authorization parts of an API key in the request header. The authorization is confidential to your brand and is used to verify your identity.

Your brand can have any number of API keys, each with a varying levels of permissions. Currently, all API keys generated have access to all the endpoints within Bond Studio.

Getting an API Key

Do the steps below to get a sandbox API key. You can also request a production key, but this is not enabled until the integration with your bank partner is complete.

  1. Log in to the dashboard.
  2. Go to Develop > Sandbox > API Keys.
  1. Enter the name you want for the new API key and click Create.


Naming restrictions

  • At least three characters
  • No more than 128 characters
  • Must not contain spaces
  • Must not contain any of the following characters; / ^ ( ? ! \ s + $ ) . * /
 Your new API key is generated and the identity and authorization are displayed.


Save a copy of the identity and authorization

If you lose the authorization it can't be retrieved. Make sure to copy it to a safe place.

 You can view the details of your API key, apart from the authorization, in the **API keys** window .

Verify your API key

To verify your API key, send the HTTP request show below to the auth endpoint.
Include your identity and authorization information in the request header.

curl --location --request GET 'https://sandbox.bond.tech/api/v0/auth/key/YOUR-IDENTITY' \
--header 'Identity: YOUR-IDENTITY' \
--header 'Authorization: YOUR-AUTHORIZATION'
import requests

url = "https://sandbox.bond.tech/api/v0/auth/key/YOUR-IDENTITY"

payload = {}
headers = {
  'Identity': 'YOUR-IDENTITY',
  'Authorization': 'YOUR-AUTHORIZATION'

response = requests.request("GET", url, headers=headers, data = payload)
require "uri"
require "net/http"

url = URI("https://sandbox.bond.tech/api/v0/auth/key/YOUR-IDENTITY")

https = Net::HTTP.new(url.host, url.port);
https.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Identity"] = "YOUR-IDENTITY"
request["Authorization"] = "YOUR-AUTHORIZATION"

response = https.request(request)
const data = null;

const xhr = new XMLHttpRequest();

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {

xhr.open("GET", "https://sandbox.bond.tech/api/v0/auth/key/YOUR-IDENTITY");
xhr.setRequestHeader("Identity", YOUR-IDENTITY);
xhr.setRequestHeader("Authorization", YOUR-AUTHORIZATION);

var client = new RestClient("https://sandbox.bond.tech/api/v0/auth/key/YOUR-IDENTITY");
var request = new RestRequest(Method.GET);
request.AddHeader("identity", YOUR-IDENTITY);
request.AddHeader("authorization", YOUR-AUTHORIZATION);
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .addHeader("identity", YOUR-IDENTITY)
  .addHeader("authorization", YOUR-AUTHORIZATION)

Response response = client.newCall(request).execute();

A successful request returns a 200 response code with your key's non-secret data as shown below.

  "identity": "de8860e3-5af8-499a-9034-bfe4072d23d4",
  "key_name": "starcups",
  "role_id": "8a3b727f-c4f1-4b9e-b6ba-be22a6ce92c8",
  "role_name": "OS_FULL_ACCESS",
  "org_id": "e0cb163c-51dc-44b0-af3c-5c68341068da",
  "grantor": "ec003dc6-ebc5-419e-a14f-fad9cbca0d22",
  "grantor_os_user_id": "1445e863-43a9-4408-acf0-158448bfa430",
  "grantee": "1442b863-43a9-4848-acf0-158448bfa430",
  "date_created": "2021-02-09T08:03:21.777887+00:00",
  "date_updated": "2021-02-09T12:52:25.394084+00:00",
  "date_revoked": null,
  "date_expired": null,
  "status": "active",
  "call_count": 3,
  "last_call": "2021-02-09T12:52:25.392641+00:00",
  "last_auth": "S",
  "last_used": "2021-02-09T12:52:25.393379+00:00",
  "last_method": "unknown",
  "last_route": "unknown"

Using your API key

Use your API key to authenticate all HTTP requests from your Bond Studio account to the Bond APIs. Include the identity and authorization components of the API key in the request header.

With your API key, here are some of the things that Bond enables you to do.

Onboard a customer

Create and manage a Customer resource to represent your customer
View balance

View balances for all brand card accounts
View transactions

View fund transactions to and from all your brand's card accounts
Transfer funds

Transfer funds between cards and external bank accounts
Create a card

Create a card resource within a card program for your customer
Manage cards

Manage the status of card resources, and close or re-issue cards
Link external account

Link an external bank account to a card account

Did this page help you?