Receiving a "403 Forbidden" error or CORS error

If this is the first time you're experiencing this, it may take upto 24 hours for this API Key to become active from when you receive this email. In case you run into an error while accessing the API for the first time, please try again in another 12 hours.

Only applies for Dec 2022: If you've already been using API keys for sometime, and experiencing this error the first time, its likely because the key is corrupt i.e. typo, missing a letter, incomplete. The only way to know this for sure is re-request your API key, and ensure you copy the whole length of the key over and try again. This resolves the issue.


If I’m building multiple projects, do I need to use a separate API key per project?

Yes, you should use a different API key per project. If you are building multiple projects, please use one API key per each of your projects.


How do I find the event ID for a given token ID?

If you have the token ID, you can find the event ID using GET /token/{tokenId}.


Can new addresses be added to a delivery after it has been created?

No, once a list has been submitted for delivery it cannot be edited. No new addresses can be added or existing addresses removed.


Can I update the event image? Can event metadata be changed?

Yes, you can change the event name, description, country, city, start date, end date, expire date, and URL. The only items that cannot be changed are the image and on-chain values (eg: Address, token ID, event ID).


Can I use the API to whitelabel the claim URL? For example rather than claiming on https://poap.xyz/claim/xxxxxx, can I have them go to my own website?

Yes this is possible, you would need to:

  1. Create an event.
  2. Create a website secret claim using POST /secret-requests.
  3. Using your infrastructure create your own custom claim page, such as www.example.com/claim. With your custom backend you will then have to send a POST to POST /website/claim with the website name and the collector’s address to claim the POAP on behalf of your user.

Note: This solution requires a custom landing page with a custom backend. These endpoints are rate limited and part of our premium offerings.


Will the API key allow me to create POAPs without waiting for approval, or will I still need to wait for the approval process?

Most will need to go through the approval process. We have automated approvals for trusted builders, but this opportunity is not available to all builders at this time.


Does the API support all POAPs on all chains?

No, at the moment the events can only be created and claimed on Gnosis chain. If you want the data for mainnet, Polygon, or L2s then you will need to index it.

However, there is partial support for mainnet data. For example if you are looking up POAPs held by an address or a specific token ID, the API will indicate if it’s on Gnosis or mainnet.


Why did my auth token expire? Do I need to fill out the form for a new one?

The auth token has not expired, but the generated access token has. For security purposes the access token expires after 24hrs. You can generate a new access token from the provided auth token using these instructions.

Note: Generating more than 4 access tokens per hour will lead to a ban.


Why is the image in my test event not showing?

If you created this event using the form in API reference, the form is not uploading image correctly. The event should be created programmatically rather than using this form.


Why am I getting a "X-Api-Key is not allowed by Access-Control-Allow-Headers" error?

If you are seeing this error it's likely because you are using https://api.poap.xyz as the base URL for the API call instead of https://api.poap.tech.


How do I create a test event? Is there a test environment or testnet?

At the moment there is no test environment or sandbox. For testing purposes we suggest creating a normal event with the following attributes:

  • The event should be marked as private (private: true)
  • The title and description should include "test"
  • The image should contain a "test" label on it
  • The mint links request should be 10 or less (requested_codes: 5)

Following these instructions will help expedite the approval process so you can continue with your testing and development.