Wallet Keys

POST /api/wallet/keys

Returns the user's protectedSymmetricKey and email. You'll pass protectedSymmetricKey in every POST /api/wallet/payout request.

Call this endpoint once per user and cache both values in your database. They only change if the user resets their PIN.

Gated by feature flag. Requires the WALLET_PAYOUT_API per-user feature flag. Without it the endpoint responds 403. Contact Hodle to enable it.

Rate limit

1 request per minute per API key. Hitting the limit responds 429 with a Retry-After header.

Request

The body is empty. The user is identified from the API key.

curl --request POST \
  --url https://api.hodle.com.br/api/wallet/keys \
  --header "Authorization: Bearer $API_KEY" \
  --header "Accept: application/json"

const res = await fetch('https://api.hodle.com.br/api/wallet/keys', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${process.env.HODLE_API_KEY}`,
    Accept: 'application/json',
  },
})
const data = await res.json()

import os, requests

res = requests.post(
    "https://api.hodle.com.br/api/wallet/keys",
    headers={
        "Authorization": f"Bearer {os.environ['HODLE_API_KEY']}",
        "Accept": "application/json",
    },
)
data = res.json()

Response

{
  "success": true,
  "data": {
    "protectedSymmetricKey": "AoofiKHyVRLvdrknnXzoIh1Gd1YTwLaOBn4ibm103a4dpwHZA36dU9DiiZdDvQmNn...",
    "email": "user@example.com"
  }
}

Errors

{ "success": false, "error": "WALLET_PAYOUT_API feature flag is not enabled for this user" }

{ "success": false, "error": "Wallet not found" }

{ "success": false, "error": "Too many requests. Retry in 47 seconds" }

When to refetch

Almost never. Re-fetch only if:

• You don't have the value cached yet for this user.
• A previous payout returned Invalid PIN despite the user typing correctly — could mean the user reset their PIN and your cache is stale.