Authentication Guide

DOCUMENTATION/authentication

Authentication Guide

Our API uses API key authentication to secure all requests. This guide covers everything you need to know about authenticating with our payment processing API.

API Keys

API keys are unique identifiers that authenticate your requests to our API. Each key is associated with your account and carries specific permissions based on your contracted features.

Types of API Keys

• Live Keys: Used for production transactions
• Test Keys: Used for development and testing
• Restricted Keys: Limited to specific endpoints or features

Making Authenticated Requests

Include your API key in the Authorization header of every request:

GET /v1/payments/pay_1234567890
Host: api.paymentprovider.com
Authorization: Bearer sk_live_1234567890abcdef
Content-Type: application/json

Security Best Practices

1. Keep Your Keys Secret

• Never expose API keys in client-side code
• Store keys securely in environment variables
• Use different keys for different environments

2. Rotate Keys Regularly

• Generate new keys periodically
• Disable old keys after migration
• Monitor key usage for suspicious activity

3. Use Restricted Keys When Possible

• Limit key permissions to minimum required
• Create separate keys for different services
• Monitor and audit key usage

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

[object Object],
  ,[object Object],[object Object], ,[object Object],
    ,[object Object],[object Object], ,[object Object],[object Object],
    ,[object Object],[object Object], ,[object Object],[object Object],
    ,[object Object],[object Object], ,[object Object],
  ,[object Object],
,[object Object],

Testing Authentication

You can test your API key with a simple request:

curl -H ,[object Object], \
     https://api.paymentprovider.com/v1/account