Eligibility
Before you can create a key, your account must meet both requirements:- API keys enabled — available on eligible accounts. If the section is unavailable, contact hello@phygitals.com.
- External Solana wallet linked — a self-custodied Solana wallet connected to your account. Embedded or custodial wallets do not qualify.
Creating a key
Open Settings
Go to phygitals.com/settings and find the API keys section.
Name the key
Choose a descriptive name (for example
production-bot or buyback-script). Names help you identify keys later — only the prefix of the secret is shown after creation.Set expiration
Choose Never expires or pick a future date and time. Expired keys stop working immediately.
Limits
- Up to 10 active keys per account at a time
- Revoke unused keys before creating new ones if you hit the limit
Listing keys
The Settings page lists all active keys with:| Field | Description |
|---|---|
| Name | Label you chose at creation |
| Prefix | First characters of the secret (for identification only) |
| Scopes | vm.buy.crypto, marketplace.take-claw-bid |
| Expires | Expiration date, or “Never” |
| Last used | Approximate time of the most recent authenticated request |
Updating expiration
You can change a key’s expiration from Settings:- Switch between Never expires and a specific date
- Set a new future expiration on an existing key
Revoking a key
Revocation is immediate and permanent. A revoked key returns401 on the next request. Revoke keys you no longer use — especially if a secret may have been exposed.
Security practices
- One key per integration — use separate keys for different scripts or environments so you can revoke individually
- Rotate on exposure — if a secret leaks, revoke it immediately and create a replacement
- Prefer short expirations for experimental or temporary automation
- Server-side only — keys authenticate as you; never ship them to browsers or mobile clients