Prerequisites
You have been assigned the user role of a Operator, Manager, or Admin in Cobo Portal.Steps
Register an API key on Cobo Portal
It is recommended to use permanent API key, set up the IP whitelist and configure the callback endpoint as described in the following steps.
- Log in to Cobo Portal.
-
Click the Developer icon
in the main menu.
- Click the WaaS 2.0 tab and then switch to the API Keys tab.
-
Click Register API Key to display the Register API key dialog.
- Enter the API key name (maximum 30 characters).
- Enter the API key and select its cryptographic algorithm. The API key is the public key in the cryptographic key pair, and must be 64 characters long, containing only numbers 0 to 9 and alphabets A to F. To learn how to generate an API key using the Ed25519 algorithm, see Generate an API key and an API secret.
- In the Role & Wallet Scope section, click Set Wallet Scope for User Role to set user roles for this API key and the wallet scope that the API key can access.
-
Select user roles and wallet scope from the corresponding dropdown lists.
You can click For Each Role to select different wallet scope for each user role.Click Confirm to complete the configuration.The API key will obtain the permissions listed under the user roles you select and have access to the selected wallets. Assign the wallet scope carefully, and avoid selecting any type wallet. - Select the callback endpoint this API key uses, or register a new one. The selected callback endpoint will receive messages triggered by the API key. For more information, see Register a callback endpoint.
-
Select the key type.
- Permanent: This key type requires IP address whitelisting for enhanced security. You must specify the static IP addresses from which API requests will be sent. If you have multiple IP addresses, separate them with commas.
Avoid using permanent keys for testing with the API Playground, as requests are sent from the API Playground, not your specified IP addresses.
- Temporary: A temporary key expires in 30 days. This option is suitable if you do not have a static IP address ready.
- Permanent: This key type requires IP address whitelisting for enhanced security. You must specify the static IP addresses from which API requests will be sent. If you have multiple IP addresses, separate them with commas.
- Follow the instructions on the screen to confirm the registration.
-
In the Security Verification dialog, verify your identity using multi-factor authentication (MFA).
Approve the request on Cobo Guard
According to your organization’s governance policies settings, this request may require approval from a specific number of organization admins in Cobo Guard. You can view the approval rules for registering an API key by clicking the profile icon at the bottom left > Organization > Governance Policies > Developers.


Next steps
After registering an API key, you can:- Edit the API key’s name or related callback endpoint.
- Revoke the key to disable all future API access associated with it.
- Filter the API key list, for example, by status or type.
API Key status includes:
- Active: The API key is active and work normally.
- Revoked: The API key has been revoked and cannot be used to access the WaaS 2.0 service.
- Pending Approval (Create): The operation of creating the API key has not been approved.
- Pending Approval (Revoke): The operation of revoking the API key has not been approved.
- Pending Approval (Update): The operation of updating the API key has not been approved.
- Search for specific API keys using names or keywords.
Feel free to share your feedback to improve our documentation!