Get an API Key
Create test and live API keys in the transmute portal. Keys are shown once, scoped, and capped at 20 per account.
Create a key in the portal
- Sign in to the portal and open API Keys.
- Choose a name (e.g.
staging-worker), an environment (testorlive), and the scopes the key needs (the six core scopes are pre-selected). - Create the key. The full key —
tk_test_...ortk_live_...— is displayed exactly once. Copy it now; it cannot be retrieved again.
The full key is shown only at creation. We store a one-way hash, so neither you nor support can recover a lost key — you create a new one and revoke the old.
Key facts
| Property | Value |
|---|---|
| Format | tk_test_ or tk_live_ + 43 characters |
| Retrieval after creation | Impossible (hash-at-rest) |
| Maximum keys per account | 20 non-revoked keys |
| Expiry | Portal-created keys never expire |
| Revocation | Immediate, from the portal or on request |
Start with a test key — it exercises the full conversion engine and never generates a bill. Test keys share a one-time allowance of 250 requests per account (it never resets — enough to evaluate everything, not enough to run on); production and sustained development use live keys against your plan's monthly quota. See Test vs Live Keys for the exact rules.
Use the key
Send it as a bearer token on every request:
curl -sS -X POST 'https://api.transmute.403fin.io/v1/convert?to=camt.053' \
-H "Authorization: Bearer $TRANSMUTE_KEY" \
-H "Content-Type: text/plain" \
--data-binary @statement.mt940
A missing, malformed, revoked, or unknown key gets a uniform unauthorized response — the API never hints at which part was wrong.
Keep it secret
- Store keys in your secret manager, never in source control.
- Give each system its own key (you have 20 slots) so revoking one doesn't take down another.
- If a key may have leaked, rotate it immediately — revocation takes effect on the next request.