Skip to main content
The MoonKey REST API provides programmatic access to all authentication and wallet management functionality. Use the API to manage users, create wallets, handle authentication flows, and more from your backend.

Prerequisites

Before you begin, make sure you have:

Base URL

All requests to the MoonKey API must be made to the following base URL: 
https://api.moonkey.fun
HTTPS is required for all requests. HTTP requests will be rejected.

Authentication

The MoonKey API uses Bearer token authentication. You must include your API key in the Authorization header of every request.

API Keys

MoonKey provides two types of API keys:
Key TypeFormatUsageSecurity
Test Keyssk_test_...Development and testingSafe to use in test environments
Live Keyssk_live_...ProductionKeep secure, never expose in client code
Never share your secret API keys in publicly accessible areas such as GitHub, client-side code, or browser developer tools. Always use environment variables to store your keys.

Authentication Header

Include your API key in the Authorization header using the Bearer scheme: 
Authorization: Bearer {your_api_key}

Required Headers

Every API request must include these headers:
Authorization
string
required
Bearer token with your MoonKey API key (test or live).Example: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r
Content-Type
string
required
Set to application/json for all requests with a body.

Getting Your API Keys

Retrieve your API keys from the MoonKey Dashboard:
  1. Log in to your MoonKey Dashboard
  2. Select your app from the dropdown
  3. Navigate to API Keys in the sidebar
  4. Copy your test or live API key
  5. Store it securely in your environment variables
Start with test keys during development. Switch to live keys only when you’re ready to go to production.

Example Requests

Here are examples of making authenticated requests to the MoonKey API in different languages:
  • cURL
  • JavaScript
  • Node.js
  • Python
  • Go
curl -X GET "https://api.moonkey.fun/v1/auth/users/user_123" \
  -H "Authorization: Bearer sk_test_your_api_key_here" \
  -H "Content-Type: application/json"

Making POST Requests

For requests that create or update resources, include a JSON body:
  • cURL
  • JavaScript
  • Python
curl -X POST "https://api.moonkey.fun/v1/auth/users" \
  -H "Authorization: Bearer sk_test_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com"
  }'

Environment Variables

Store your API keys securely using environment variables:
.env
# Never commit this file to version control!
MOONKEY_SECRET_KEY=sk_test_your_api_key_here
Loading environment variables:
  • Node.js
  • Python
  • Next.js
// Using dotenv package
require('dotenv').config();

const apiKey = process.env.MOONKEY_SECRET_KEY;

Response Format

All API responses are returned in JSON format with consistent structure:

Success Response

{
  "id": "user_123",
  "email": "user@example.com",
  "created_at": "2024-01-15T10:30:00Z",
  // ... additional fields
}

Error Response

{
  "error": {
    "code": "invalid_request",
    "message": "Missing required field: email"
  }
}

HTTP Status Codes

The MoonKey API uses standard HTTP status codes:
Status CodeMeaning
200Success - Request completed successfully
201Created - Resource created successfully
400Bad Request - Invalid request parameters
401Unauthorized - Invalid or missing API key
403Forbidden - API key doesn’t have required permissions
404Not Found - Resource doesn’t exist
429Too Many Requests - Rate limit exceeded
500Internal Server Error - Something went wrong on our end

Rate Limiting

The MoonKey API implements rate limiting to ensure service reliability:
  • Test environment: 100 requests per minute
  • Production environment: 1000 requests per minute
When you exceed the rate limit, you’ll receive a 429 status code. The response includes headers indicating when you can retry: 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1640000000
Implement exponential backoff when you receive rate limit errors to ensure your application handles limits gracefully.

Best Practices

Security

  • Never expose API keys in client-side code - API keys should only be used from your backend
  • Use environment variables - Store keys in .env files and never commit them to version control
  • Rotate keys regularly - Generate new keys periodically and revoke old ones
  • Use test keys in development - Keep live keys separate and only use them in production

Error Handling

Always implement proper error handling: 
try {
  const response = await fetch('https://api.moonkey.fun/v1/auth/users/user_123', {
    method: 'GET',
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json'
    }
  });

  if (!response.ok) {
    const error = await response.json();
    throw new Error(error.error.message);
  }

  const data = await response.json();
  return data;
} catch (error) {
  console.error('API request failed:', error.message);
  // Handle error appropriately
}

Testing Your Integration

Test your API integration with these steps:
  1. Use test API keys - Start with sk_test_... keys
  2. Test authentication - Verify your API key works by fetching user data
  3. Handle errors - Test error scenarios (invalid keys, missing parameters, etc.)
  4. Check rate limits - Ensure your application handles rate limiting properly
  5. Validate responses - Verify response structure matches documentation

Next Steps

Now that you’ve set up API authentication, explore the available endpoints:

Authentication

Manage user authentication and sessions

Users

Create and manage user accounts

Wallets

Create and manage user wallets

Sessions

Verify and manage user sessions

Support

Need help with the REST API?
  • Check the API Reference for detailed endpoint documentation
  • Review code examples for common patterns
  • Contact support for technical assistance