For security reasons, the Wasabi Account Control API caller must use HTTPS, as any non-HTTPS calls will be redirected to HTTPS endpoints.
Authentication of Wasabi Account Control API calls will be through the Authorization HTTP header. The caller must use the secret API key provided by Wasabi as the Authorization header value.
If the security of an API key has been breached, it is the Wasabi Control Account holder’s responsibility to immediately contact Wasabi and have the old API key invalidated and a new API key generated.
The Wasabi Account Control API key will support rolling-key management where two sets of API keys are supported for an overlapping time period. Callers into the API can use either keys when making calls into the API. This allows for the expiration of one key while the other key remains valid during a transition period.
Updated about 1 year ago