Authentication
All API endpoints are authenticated using Bearer tokens or API keys.
Authentication Methods
There are two ways to authenticate with our API: Bearer tokens and API keys. You can find the authentication method for each endpoint in the OpenAPI specification file. When building client applications, you can use the Bearer token or public API key to authenticate requests. For server-to-server communication, you can use just your API keys.
Do not expose your API keys in public repositories. Use environment variables or a secure method to store and use your API keys.
Generally, we provide both a public key and a secret key. The public key is used to identify your account, while the secret key is used to authenticate requests. You should keep your secret key secure and never expose it in public repositories.
By default, public keys cannot be used to modify your account or make payout transactions. They are used to identify your account and authenticate requests that initiate transactions to you, e.g. collections. Secret keys, on the other hand, can be used to make transactions and modify your account, such as initiating payouts. Keep your secret key secure and never expose it in public repositories. If you suspect that your secret key has been compromised, you can regenerate it from the dashboard.
Authorization Headers
When making requests to our API, you need to include your API key or Bearer token in the Authorization or x-api-key header. The format of the Authorization header is as follows:
API requests made without a valid API key or Bearer token will return a 401: Unauthorized status code.
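An added example, not code from this API's documentation: one way to follow the key-handling guidance above in Python, reading keys from environment variables, keeping the secret key out of client-side code paths, and sending the key in the x-api-key header. The environment variable names, operation labels and sample key values are assumptions made for illustration.

```python
import os

# Assumed environment variable names; the API's documentation does not define them.
PUBLIC_KEY_ENV = "EXAMPLE_API_PUBLIC_KEY"
SECRET_KEY_ENV = "EXAMPLE_API_SECRET_KEY"

# Hypothetical operation labels mirroring the split described above:
# public key for transactions to you, secret key for payouts and account changes.
PUBLIC_KEY_OPERATIONS = {"collection"}
SECRET_KEY_OPERATIONS = {"payout", "account_update"}


class KeyPolicyError(Exception):
    """Raised when a key is missing or would be used outside its intended scope."""


def redact(key):
    """Return a log-safe form of a key that shows only its last four characters."""
    return "****" + key[-4:] if len(key) > 8 else "****"


def select_key(operation, context, env=None):
    """Pick the least-privileged key for an operation; context is 'client' or 'server'."""
    env = os.environ if env is None else env
    if operation in PUBLIC_KEY_OPERATIONS:
        name = PUBLIC_KEY_ENV
    elif operation in SECRET_KEY_OPERATIONS:
        if context != "server":
            # The secret key must never ship inside a client application.
            raise KeyPolicyError(f"{operation} needs the secret key; refused in {context} code")
        name = SECRET_KEY_ENV
    else:
        raise KeyPolicyError(f"unknown operation: {operation}")
    key = env.get(name, "").strip()
    if not key:
        # Fail closed instead of falling back to a key hard-coded in the source tree.
        raise KeyPolicyError(f"{name} is not set")
    return key


def build_headers(operation, context, env=None):
    """Build request headers that carry the selected key in the x-api-key header."""
    return {"x-api-key": select_key(operation, context, env), "Accept": "application/json"}
```

When logging a request, pass the key through redact() so the full value never reaches log files.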