Getting StartedGet an API Key

Get an API Key

Create test and live API keys in the transmute portal. Keys are shown once, scoped, and capped at 20 per account.

Create a key in the portal

  1. Sign in to the portal and open API Keys.
  2. Choose a name (e.g. staging-worker), an environment (test or live), and the scopes the key needs (the six core scopes are pre-selected).
  3. Create the key. The full key — tk_test_... or tk_live_... — is displayed exactly once. Copy it now; it cannot be retrieved again.

The full key is shown only at creation. We store a one-way hash, so neither you nor support can recover a lost key — you create a new one and revoke the old.

Key facts

PropertyValue
Formattk_test_ or tk_live_ + 43 characters
Retrieval after creationImpossible (hash-at-rest)
Maximum keys per account20 non-revoked keys
ExpiryPortal-created keys never expire
RevocationImmediate, from the portal or on request

Start with a test key — it exercises the full conversion engine and never generates a bill. Test keys share a one-time allowance of 250 requests per account (it never resets — enough to evaluate everything, not enough to run on); production and sustained development use live keys against your plan's monthly quota. See Test vs Live Keys for the exact rules.

Use the key

Send it as a bearer token on every request:

curl -sS -X POST 'https://api.transmute.403fin.io/v1/convert?to=camt.053' \
  -H "Authorization: Bearer $TRANSMUTE_KEY" \
  -H "Content-Type: text/plain" \
  --data-binary @statement.mt940

A missing, malformed, revoked, or unknown key gets a uniform unauthorized response — the API never hints at which part was wrong.

Keep it secret

  • Store keys in your secret manager, never in source control.
  • Give each system its own key (you have 20 slots) so revoking one doesn't take down another.
  • If a key may have leaked, rotate it immediately — revocation takes effect on the next request.