Skip to content

Authentication

Every API request must be authenticated with credentials provisioned for your Wave integration.

For POST /v1/transfer/sns, these headers are required:

  • Api-Key
  • Idempotency-Key

Obtain your API key

  1. Sign in to your Gravv Dashboard.
  2. Select your configured environment.
  3. Open Manage → Configure → API Keys.
  4. Copy your server-side secret key.

Keep credentials server-side only. Never expose them in frontend code or public repositories.

Use credentials in requests

curl -X POST "https://api.gravv.xyz/v1/transfer/sns" \
  -H "accept: application/json" \
  -H "Api-Key: <YOUR_API_KEY>" \
  -H "Idempotency-Key: <YOUR_IDEMPOTENCY_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "source": { "source_type": "internal_account", "id": "<SOURCE_ACCOUNT_ID>" },
    "destination": { "destination_type": "external_account", "id": "<RECIPIENT_ID>" },
    "amount": "100.00"
  }'

All requests must be sent over HTTPS. Invalid or missing credentials return 401.

Webhook credentials

For webhooks, you need to create them and generate their Secret Key:

  1. Follow steps 1 through 3 in Obtain your API key.
  2. Click Webhooks in the Dashboard.
  3. Click Create Webhook to open the form.
  4. Enter your webhook endpoint in the Webhook URL field.
  5. Click Generate to create your webhook Secret Key.

You can regenerate your Secret Key at any time by clicking Rotate API Key in your Dashboard.

For more information about webhooks, see Webhooks.