Skip to main content
All API requests require authentication using a Bearer token in the Authorization header.

API Keys

You’ll receive an API key when you register as a partner. API keys look like:
Keep your API key secure. Never expose it in client-side code or public repositories.

Making Authenticated Requests

Include your API key in the Authorization header:

Environments

Use sandbox keys for testing. Sandbox transactions don’t result in real payouts.

Error Responses

Authentication errors return 401 Unauthorized:
Rate limit errors return 429 Too Many Requests:

IP Whitelisting (Optional)

For additional security, you can whitelist IP addresses in the Dashboard. When enabled, requests from non-whitelisted IPs will be rejected.

Webhook Signature Verification

Webhooks are signed using HMAC-SHA256. See the Webhooks guide for implementation details.