Skip to main content

Overview

All API requests must be authenticated using a Bearer token in the Authorization header.

Authentication Header

Include your API key in the Authorization header of every request:

Example

Here’s an example of an authenticated request:

API Key Format

API keys follow this format:
  • Live keys: pk_live_...
  • Test keys: pk_test_... (if available)

Security Best Practices

Never expose your API keys: - Don’t commit them to version control - Don’t include them in client-side code - Don’t share them publicly - Rotate them if compromised

Invalid API Key

If you use an invalid API key, you’ll receive a 401 Unauthorized response:

Missing Authorization Header

If you don’t include the Authorization header, you’ll receive: