Proxying Client API Requests

After registering a tenant, resellers can use the generated client apiKey to make regular CryptoSwift Client API calls on behalf of that tenant. This is useful when the partner exposes its own API while transparently forwarding Travel Rule requests to CryptoSwift. It is an integration option, not a platform limitation: partners may also allow VASP tenants to call CryptoSwift directly with their own tenant API key.

Store a mapping between your internal client identifier and the generated CryptoSwift client apiKey.

For example, a partner can expose:

POST https://api.service-x.com/travel-rule/transactions

and forward the request to:

POST https://api.cryptoswift.eu/transactions

When forwarding to CryptoSwift, strip the partner or platform credentials and swap in the client key directly:

curl --location --request POST 'https://api.cryptoswift.eu/transactions' \
  --header 'x-api-key: <client-api-key>' \
  --header 'Content-Type: application/json' \
  --data-raw '<original-client-request-body>'

The payload body should remain intact. The only required authentication change is replacing the credential your client used for your API with the generated CryptoSwift client apiKey in the x-api-key header.

• Do not forward X-Partner-Api-Key to regular Client API endpoints.
• For proxied requests, do not let external callers override the CryptoSwift tenant key selected by your server-side tenant mapping.
• Keep the tenant lookup server-side so each proxied request uses the correct client's API key.
• The same pattern can mirror endpoints such as /transactions, wallet verification endpoints, and other regular CryptoSwift Client API operations.