Authentication
Every API request must be authenticated with credentials provisioned for your Wave integration.
For POST /v1/transfer/sns, these headers are required:
Api-KeyIdempotency-Key
Obtain your API key
- Sign in to your Gravv Dashboard.
- Select your configured environment.
- Open Manage → Configure → API Keys.
- Copy your server-side secret key.
Keep credentials server-side only. Never expose them in frontend code or public repositories.
Use credentials in requests
curl -X POST "https://api.gravv.xyz/v1/transfer/sns" \
-H "accept: application/json" \
-H "Api-Key: <YOUR_API_KEY>" \
-H "Idempotency-Key: <YOUR_IDEMPOTENCY_KEY>" \
-H "Content-Type: application/json" \
-d '{
"source": { "source_type": "internal_account", "id": "<SOURCE_ACCOUNT_ID>" },
"destination": { "destination_type": "external_account", "id": "<RECIPIENT_ID>" },
"amount": "100.00"
}'
All requests must be sent over HTTPS. Invalid or missing credentials return 401.
Webhook credentials
For webhooks, you need to create them and generate their Secret Key:
- Follow steps 1 through 3 in Obtain your API key.
- Click
Webhooksin the Dashboard. - Click
Create Webhookto open the form. - Enter your webhook endpoint in the
Webhook URLfield. - Click
Generateto create your webhookSecret Key.
You can regenerate your Secret Key at any time by clicking Rotate API Key in your Dashboard.
For more information about webhooks, see Webhooks.