Documentation Index
Fetch the complete documentation index at: https://docs.clear-box.io/llms.txt
Use this file to discover all available pages before exploring further.
The ClearBox API uses API keys to authenticate requests. You can view and manage keys in the Dashboard under Settings → API Keys.
API keys
Every request must include your secret API key in the Authorization header as a bearer token:
curl https://api.clearbox.example.com/v1/wallets \
-H "Authorization: Bearer $CLEARBOX_API_KEY"
| Prefix | Environment |
|---|
cb_sandbox_... | Sandbox |
cb_live_... | Production |
Your secret key grants full access to your ClearBox program. Never expose it in client-side code, commit it to version control, or include it in URLs. Treat it like a password. If a key is compromised, roll it immediately from the Dashboard.
Publishable keys
Client-side flows — such as launching the embedded Quiltt connector or the Apple Wallet provisioning prompt — use a short-lived, scoped token your backend mints, rather than your secret key. See Link a bank with Quiltt and Apple Pay provisioning for how those tokens are issued.
Rotating keys
You can maintain multiple active keys to support zero-downtime rotation:
Create a new key
Generate a second key in the Dashboard.
Deploy it
Roll the new key out to your services.
Revoke the old key
Once traffic is fully on the new key, revoke the old one.
