All API requests require authentication using a Bearer token in the Authorization header.
API Keys
You’ll receive an API key when you register as a partner. API keys look like:
Keep your API key secure. Never expose it in client-side code or public repositories.
Making Authenticated Requests
Include your API key in the Authorization header:
Environments
Use sandbox keys for testing. Sandbox transactions don’t result in real payouts.
Error Responses
Authentication errors return 401 Unauthorized:
Rate limit errors return 429 Too Many Requests:
IP Whitelisting (Optional)
For additional security, you can whitelist IP addresses in the Dashboard. When enabled, requests from non-whitelisted IPs will be rejected.
Webhook Signature Verification
Webhooks are signed using HMAC-SHA256. See the Webhooks guide for implementation details.