OpenNode API Keys
API keys authenticate your requests to OpenNode through Lightning Enable. This guide shows how to generate, configure, and secure your API keys.
API Key Types
OpenNode provides different API key types:
| Key Type | Permissions | Use Case |
|---|---|---|
| Invoice | Create invoices, check status | Payment creation |
| Withdrawal | Send payments, refunds | Refund processing |
| Admin | Full account access | Account management |
Lightning Enable requires an Invoice key for basic payments, or an Admin key if you need refund capabilities.
Generate API Key
Development Environment
Dev-environment keys are useful for exploring OpenNode's own API on testnet, but they cannot be used with Lightning Enable's hosted platform, which connects to OpenNode production. Use a production key below when configuring Lightning Enable.
- Log in to app.dev.opennode.com
- Navigate to Integrations > API Keys
- Click Generate New Key
- Select key type:
- Invoice for payment creation
- Admin for full access (including refunds)
- Copy and securely store the key
Production Environment
- Log in to app.opennode.com
- Navigate to Integrations > API Keys
- Click Generate New Key
- Select key type
- Copy and securely store the key
API keys are shown only once. If you lose it, you'll need to generate a new one.
Configure in Lightning Enable
Via Dashboard
Sign in to your Lightning Enable dashboard and navigate to Settings → Payment Provider to paste your OpenNode API key.
Via Merchant API
curl -X PUT https://api.lightningenable.com/api/merchant/opennode-key \
-H "X-API-Key: your-merchant-api-key" \
-H "Content-Type: application/json" \
-d '{
"apiKey": "your-opennode-api-key"
}'
Your OpenNode key is stored by Lightning Enable's hosted platform, encrypted at rest with AES-256-GCM. There is no environment variable or configuration file to set — the dashboard and the PUT /api/merchant/opennode-key endpoint above are the only ways to configure it.
The hosted platform connects to OpenNode's production API, so configure a production OpenNode key (from app.opennode.com). Development-environment keys will fail validation.
API Key Security
- Never commit your OpenNode key to source control or paste it into client-side code — the only place it belongs is the Lightning Enable dashboard or the
PUT /api/merchant/opennode-keycall. - If you keep a copy, store it in a password manager or secret store.
- Lightning Enable never returns your OpenNode key back out of the API once saved.
- If you suspect the key leaked, revoke it in the OpenNode dashboard immediately and configure a new one.
Key Rotation
Regularly rotate API keys for security:
When to Rotate
- Every 90 days (recommended)
- After employee departure
- If key may be compromised
- After security incident
Rotation Process
- Generate new key in the OpenNode dashboard
- Update the key in Lightning Enable — dashboard (Settings → Payment Provider) or:
curl -X PUT https://api.lightningenable.com/api/merchant/opennode-key \
-H "X-API-Key: your-merchant-api-key" \
-H "Content-Type: application/json" \
-d '{ "apiKey": "your-new-opennode-api-key" }' - Validate the new key:
curl -X POST https://api.lightningenable.com/api/merchant/validate-opennode \
-H "X-API-Key: your-merchant-api-key" - Verify functionality with a small test payment
- Revoke the old key in the OpenNode dashboard
The update takes effect immediately — subsequent payments use the new key, so there is no downtime window to manage.
Verify API Key
Test your API key is working:
Using cURL
# Development
curl -X GET https://dev-api.opennode.com/v1/account/balance \
-H "Authorization: your-api-key"
# Production
curl -X GET https://api.opennode.com/v1/account/balance \
-H "Authorization: your-api-key"
Expected Response
{
"data": {
"balance": {
"BTC": "0.00123456",
"USD": "52.34"
}
}
}
Error Response (Invalid Key)
{
"success": false,
"message": "Invalid API key"
}
API Key Permissions
Invoice Key Capabilities
- Create Lightning invoices
- Check invoice status
- List transactions
- Get exchange rates
Admin Key Capabilities
Everything in Invoice key, plus:
- Create withdrawals
- Process refunds
- Manage webhooks
- Access account settings
Minimal Permissions
Use the least privileged key for your use case:
| Feature | Required Key |
|---|---|
| Accept payments | Invoice |
| Check payment status | Invoice |
| Process refunds | Admin |
| Send payments | Admin |
Troubleshooting
Invalid API Key
{
"error": "Invalid API key"
}
Solutions:
- Verify key is copied correctly (no extra spaces)
- Confirm it is a production key from app.opennode.com — the hosted platform does not use OpenNode's dev environment
- Check key hasn't been revoked
- Generate new key if needed
Permission Denied
{
"error": "Insufficient permissions"
}
Solutions:
- Check key type (Invoice vs Admin)
- Generate key with appropriate permissions
- Verify account is fully verified
Key Not Found
{
"error": "API key required"
}
Solutions:
- Check the Authorization header format
- Verify a key is saved in Lightning Enable (the dashboard, or
GET /api/merchant/me— checkhasOpenNodeKey) - Re-save the key via the dashboard or
PUT /api/merchant/opennode-key
Best Practices Checklist
- Configure the key only via the Lightning Enable dashboard or
PUT /api/merchant/opennode-key - Keep any copy in a password manager or secret store, never in source control
- Enable 2FA on OpenNode account
- Use Invoice key for payments (minimal permissions)
- Use Admin key only when refunds needed
- Rotate keys every 90 days
- Monitor for unauthorized usage
Next Steps
- Webhooks - Configure payment notifications
- Testing - Test your integration
- Quick Start - Make your first payment