Authentication

API keys

Authenticate every request by passing your secret key in the Authorization header.

curl https://api.example.com/v1/customers \
  -H "Authorization: Bearer sk_test_4eC39HqLyjWDarjtT1zdp7dc"

Never expose your secret key in client-side code. Use a restricted key for anything that runs in the browser.

Errors

Failed authentication returns 401 Unauthorized:

{
  "error": {
    "type": "authentication_error",
    "message": "Invalid API key provided."
  }
}

Was this guide helpful?