Authentication
The AML You API uses API keys for authentication.
Obtaining an API Key
To get your API key, visit amlyou.com and navigate to the API Keys section in your dashboard. You can create, view, and revoke keys from there.
:::danger Important Your API key is shown only once at creation time. Store it securely — it cannot be retrieved later. :::
Passing Your API Key
Option 1: X-API-Key header (recommended)
curl -H "X-API-Key: ak_live_your_key_here" \
https://mvp.amlyou.com/api/analysis/wallet/0x...
Option 2: Authorization header with Bearer prefix
curl -H "Authorization: Bearer ak_live_your_key_here" \
https://mvp.amlyou.com/api/analysis/wallet/0x...
tip
The API detects API keys by the ak_ prefix. If your token starts with ak_, it's treated as an API key regardless of which header you use.
Key Format
API keys follow this format:
ak_{environment}_{random}
| Part | Description |
|---|---|
ak_ | Fixed prefix identifying it as an API key |
live_ or test_ | Environment indicator |
{random} | 20-40 characters of cryptographic randomness |
Key Security
- Keys are hashed with SHA-256 before storage — we never store plaintext keys
- Rotate keys periodically and revoke compromised keys immediately
- Never expose your API key in client-side code or public repositories
Authentication Errors
| Status | Code | Description |
|---|---|---|
401 | missing_authentication | No API key provided |
401 | invalid_api_key | API key format is invalid or key not found |
401 | expired_api_key | API key has passed its expiration date |
401 | revoked_api_key | API key has been revoked |
403 | insufficient_permissions | Key lacks the required permission |