Setting Up Your Development Environment

Environments

Bakkt provides separate environments for development and production:

Sandbox

Your playground for development and testing.

Public vs Private Sandbox:

• Public Sandbox: Immediately accessible with a shared public API key (see below). Ideal for initial exploration.
• Private Sandbox: A dedicated, isolated environment for your team. Contact us to set up a Private Sandbox that mirrors your production configuration.

Production

Live environment for real transactions.

Production Stages:

• Pre-Production: Limited production environment with transaction volume caps for final testing with real funds
• Live: Fully operational — no transaction limits

API Keys

Authentication uses API keys passed in the Authorization header of every request.

Sandbox Keys

Public Sandbox API Key (for immediate exploration):

API-Key +74/0TAhXh0sFWyaeoHcY7XfVCAEqLvIwqKnOz7rjHB5a36By9E3ibevU09zNWNQ

Use this key directly in your requests to explore the Stablecoin API without onboarding.

Private Sandbox API Key: Complete the Onboarding Form to receive a private Sandbox key via a secure channel.

Production Keys

Pre-Production and Live API keys are activated after your commercial agreement is finalized and Pre-Production testing is signed off.

Warning: Treat API keys as confidential credentials. Never expose them in client-side code, public repositories, or insecure channels. API keys are intended for backend server-side use only. Compromised keys are deactivated immediately.

Authentication Headers

The Stablecoin API uses dual authentication:

API Key (All Requests)

Authorization: API-Key YOUR_API_KEY

Session ID (User-Modifying Requests)

Required for POST, PUT, and PATCH requests that create or modify user data:

bakkt-session-id: YOUR_SESSION_ID

Obtaining a Session ID:

1. Email OTP: Send a one-time password to the user's email, then exchange it for a session ID. See OTP Login.
2. Sign-In with Ethereum (SIWE): Authenticate using a Web3 wallet. See SIWE Login.

Session IDs are valid for 4 hours. Only one active session per user at a time.

User UUID (GET Requests)

For GET requests retrieving user-specific data, include the user identifier:

user-uuid: USER_UUID

Summary

Testing Stablecoin API in Sandbox

1. Exchange Rates (No User Required)

curl --request GET \
     --url 'https://sandbox.api.bakkt.com/stablecoin/exchange-rates/?base_currency=EUR&target_currency=USD' \
     --header 'Authorization: API-Key +74/0TAhXh0sFWyaeoHcY7XfVCAEqLvIwqKnOz7rjHB5a36By9E3ibevU09zNWNQ'

2. Supported Chains and Currencies

curl --request GET \
     --url 'https://sandbox.api.bakkt.com/stablecoin/supported/chains' \
     --header 'Authorization: API-Key +74/0TAhXh0sFWyaeoHcY7XfVCAEqLvIwqKnOz7rjHB5a36By9E3ibevU09zNWNQ'

3. Wallet Operations (Requires User)

curl --request GET \
     --url 'https://sandbox.api.bakkt.com/stablecoin/user/wallet/polygon' \
     --header 'Authorization: API-Key +74/0TAhXh0sFWyaeoHcY7XfVCAEqLvIwqKnOz7rjHB5a36By9E3ibevU09zNWNQ' \
     --header 'user-uuid: YOUR_USER_UUID'

4. Bank Account Setup (Requires Session)

curl --request POST \
     --url 'https://sandbox.api.bakkt.com/stablecoin/user/bank-account/remote' \
     --header 'Authorization: API-Key +74/0TAhXh0sFWyaeoHcY7XfVCAEqLvIwqKnOz7rjHB5a36By9E3ibevU09zNWNQ' \
     --header 'bakkt-session-id: YOUR_SESSION_ID' \
     --header 'Content-Type: application/json' \
     --data '{"account_name": "Test Account", "main_recipient": true, "account_details": {"currency": "EUR", "iban": "DE89370400440532013000"}}'

Sandbox Limitations

• Data is periodically reset — do not store critical persistent data
• Uses test blockchains and simulated fiat rails
• KYC/KYB states are simulated (not real verification)
• Contact [email protected] for testnet tokens to test full conversion flows