Skip to main content

Environments

Blaaiz operates two completely isolated environments. Each environment requires its own account and has separate OAuth credentials.
EnvironmentDashboardAPI Base URLIP Whitelisting
Productionbusiness.blaaiz.comhttps://api-prod.blaaiz.comRequired
Developmentbusiness-dev.blaaiz.comhttps://api-dev.blaaiz.comNot required
Production and development are not linked. You must create a separate account on each dashboard. Data, customers, wallets, and OAuth credentials do not transfer between environments.
Recommended workflow:
  1. Sign up at business-dev.blaaiz.com to get a development account.
  2. Build and test your integration against api-dev.blaaiz.com — no IP whitelisting needed.
  3. When ready for production, sign up at business.blaaiz.com, complete KYB, request API access, and whitelist your server IPs.

Prerequisites

Before you can use the Blaaiz Platform API, you’ll need:
  • A Blaaiz business account — Sign up at business registration link.
  • Completed KYB verification — Your business must pass our Know Your Business (KYB) verification process.
  • API Services enabled — Request access to API Services through your dedicated account manager or by contacting support@blaaiz.com.
  • Whitelisted IP addresses — Only approved IPs can call the API.
IP whitelisting is required before making API calls. Submit the server IPs you will use for API requests. Calls from non-whitelisted IPs are rejected for security. Read more: IP whitelisting guide

Step 1: Request API Access

To start building with the Blaaiz Platform API, API Services must be enabled for your business account. How to request access:
  • Navigate to your business dashboard and request API access. coming soon, or
  • Contact our team at support@blaaiz.com.
Once your request is approved, API Services will be provisioned for your account and you’ll be able to generate OAuth credentials. If you cannot see the API & Webhooks page in your dashboard after approval, your account has not been provisioned for API Services yet. Contact your dedicated account manager or support@blaaiz.com.

Step 2: Create your OAuth credentials

After API Services are enabled for your account:
  1. Log in to the Blaaiz dashboard for the environment you want to use:
  2. Open the API & Webhooks page from the dashboard menu.
  3. Create your OAuth credentials if none exist yet.
  4. Copy the client_id and client_secret shown on that page and store them securely.
  5. If the client_secret is ever compromised, rotate the credentials and update your integration immediately.
Development and production issue different OAuth credentials. Always use the credentials from the same environment as the base URL you are calling.
Your client_secret should be treated as a one-time-visible secret. Store it securely when it is shown. If you lose it later, rotate the OAuth credentials from API & Webhooks.

Step 3: Exchange credentials for an access token

Before calling any external API endpoint, exchange your credentials for a short-lived access token: 
curl -X POST https://api-prod.blaaiz.com/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "client_id=YOUR_CLIENT_ID" \
  --data-urlencode "client_secret=YOUR_CLIENT_SECRET" \
  --data-urlencode "scope=wallet:read payout:create transaction:read"
Use the returned access token as a Bearer token on every external API request. The scope parameter should be a space-separated list of the scopes assigned to your credentials. See Authentication — Scopes for the full list.
If you already have an older API-key-based integration, it may still work temporarily with x-blaaiz-api-key, but that path is legacy. New integrations should use OAuth, and existing ones should migrate immediately.

Step 4: Configure your webhooks and signing secret

From API & Webhooks, configure your webhook URLs and securely store your webhook signing_secret.
  • Use the OAuth client_secret only for getting access tokens.
  • Use the webhook signing_secret only for verifying x-blaaiz-signature on webhook deliveries.
If the webhook signing secret is ever compromised or lost, rotate it from the dashboard and update your webhook handler. Your webhook signing_secret should also be treated as a one-time-visible secret. Store it securely when it is shown. If you lose it later, rotate it from API & Webhooks. For more details on finding your credentials, configuring webhook URLs, and other common integration questions, see the API integration FAQ.

Quick answers

  • Where do I get my OAuth credentials? From the API & Webhooks page in the Blaaiz dashboard after API Services have been enabled.
  • Why can’t I see API & Webhooks? Your account has not been provisioned for API Services yet.
  • Are dev and prod credentials the same? No. Development and production use different OAuth credentials.
Important: Store your OAuth credentials and webhook signing secret securely. Use OAuth credentials for token generation and the signing secret for webhook verification.