Create API key

curl --request POST \
  --url https://clob.forka.st/auth/api-key \
  --header 'FORKAST_ADDRESS: <forkast_address>' \
  --header 'FORKAST_NONCE: <forkast_nonce>' \
  --header 'FORKAST_SIGNATURE: <forkast_signature>' \
  --header 'FORKAST_TIMESTAMP: <forkast_timestamp>'

{
  "key": "5f0c1f74-0c0e-4dc4-9d3f-5b0c8c2f6c62",
  "secret": "0v3KQ9nZgk4JrYvPQpQZBQ==",
  "passphrase": "8f2b1c0d8a6e4f7b9c2d1e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3"
}

POST

auth

api-key

Create API key

curl --request POST \
  --url https://clob.forka.st/auth/api-key \
  --header 'FORKAST_ADDRESS: <forkast_address>' \
  --header 'FORKAST_NONCE: <forkast_nonce>' \
  --header 'FORKAST_SIGNATURE: <forkast_signature>' \
  --header 'FORKAST_TIMESTAMP: <forkast_timestamp>'

{
  "key": "5f0c1f74-0c0e-4dc4-9d3f-5b0c8c2f6c62",
  "secret": "0v3KQ9nZgk4JrYvPQpQZBQ==",
  "passphrase": "8f2b1c0d8a6e4f7b9c2d1e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3"
}

Generate a new set of Forkast API credentials using an L1 wallet signature.

You can also use the hosted console at auth.forka.st to connect your wallet, mint credentials, view existing keys, or revoke them without crafting raw requests.

This endpoint requires the L1 header. Provide FORKAST_ADDRESS, FORKAST_SIGNATURE, FORKAST_TIMESTAMP, and FORKAST_NONCE. To credit a referral, include the optional FORKAST_REFERRAL header.

Required headers

Header	Description
`FORKAST_ADDRESS`	Polygon address that controls the wallet signing the request.
`FORKAST_SIGNATURE`	EIP-712 signature authorizing the API key creation.
`FORKAST_TIMESTAMP`	Current Unix timestamp (seconds).
`FORKAST_NONCE`	Monotonic nonce tied to the signature.

Optional headers

Header	Description
`FORKAST_REFERRAL`	Referral wallet address to credit, must be a 0x-prefixed Polygon address (for example, `0x1bc5698917fe6b0d10fa60b739c81854f808fdc2`).

Response fields

Field	Type	Description
`key`	string	UUID v4 identifier for subsequent API requests (`FORKAST_API_KEY`).
`secret`	string	Base64-encoded secret (may include padding `=`) used to sign L2 requests; store securely.
`passphrase`	string	64-character hex string sent with each L2 request (`FORKAST_PASSPHRASE`).

The secret and passphrase are returned only once. Persist them securely—Forkast cannot recover these values later. To inspect keys later, use GET /auth/api-keys; to revoke, call DELETE /auth/api-key.

Headers

FORKAST_ADDRESS

string

required

Polygon address authorizing the request.

FORKAST_SIGNATURE

string

required

EIP-712 signature for the L1 authentication payload.

FORKAST_TIMESTAMP

string

required

Unix timestamp (seconds) included in the signed payload.

FORKAST_NONCE

string

required

Nonce value tied to the signature.

FORKAST_REFERRAL

string

Optional referral wallet address (must start with 0x).

Example:

"0x1bc5698917fe6b0d10fa60b739c81854f808fdc2"

Response

API key credentials

key

string

required

UUID v4 identifier used for L2 requests.

Example:

"5f0c1f74-0c0e-4dc4-9d3f-5b0c8c2f6c62"

secret

string

required

Base64-encoded secret used to derive L2 signatures.

Example:

"0v3KQ9nZgk4JrYvPQpQZBQ=="

passphrase

string

required

64-character hex string sent with each L2 request.

Example:

"8f2b1c0d8a6e4f7b9c2d1e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3"

Authentication overview Revoke API key

⌘I

Platform

CLOB

Relayer

Data API

Subgraph

Conditional Token Framework

Proxy wallet

Negative risk

Create API key

Required headers

Optional headers

Response fields

Headers

Response

Platform

CLOB

Relayer

Data API

Subgraph

Conditional Token Framework

Proxy wallet

Negative risk

​Required headers

​Optional headers

​Response fields

Headers

Response

Required headers

Optional headers

Response fields