Authentication
The Payonify API uses API keys to authenticate requests via HTTP Basic Authentication. You must include your API credentials in the Authorization header of all requests.
API Keys
There are two types of API keys:
- Secret Key (sk_): Used for server-side requests. This key can perform any API request and should be kept confidential.
- Publishable Key (pk_): Used for client-side requests. This key is public and can only perform a limited set of operations.
Both keys are available in test and live modes:
- Test mode keys have the prefix sk_test_ and pk_test_
- Live mode keys have the prefix sk_live_ and pk_live_
How to Authenticate
To authenticate your API requests, use HTTP Basic Authentication with your publishable key as the username and your secret key as the password.
Most HTTP clients support Basic Auth natively. For example, curl provides the -u flag.
API Keys in Different Environments
Test Mode
Use test keys for development and testing. Test transactions won't move any real money.
Live Mode
Once your integration is ready for production, switch to live keys. These transactions will process real payments.
Keep Your API Keys Secure
Your secret key (sk_) has full access to your account, so it's important to keep it secure:
- Never expose your secret key in client-side code or public repositories
- Don't hardcode your API keys in your application code
- Use environment variables or a secure configuration system
- Rotate your API keys regularly
- Only share your API keys with authorized team members
If you suspect your API key has been compromised, you can revoke it and generate a new one from your Payonify Dashboard.
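The following is an added example, not Payonify's own code. It loads both keys from environment variables, checks that each key sits in the correct Basic Auth slot, and only then builds the Authorization header. The variable names PAYONIFY_PUBLISHABLE_KEY and PAYONIFY_SECRET_KEY, the test/live mismatch check, and the allow_live guard are assumptions made for illustration.

```python
import base64
import os

# Prefixes documented on this page, mapped to (kind, mode).
PREFIXES = {"pk_test_": ("publishable", "test"), "pk_live_": ("publishable", "live"),
            "sk_test_": ("secret", "test"), "sk_live_": ("secret", "live")}


def classify_key(key):
    """Return (kind, mode) for a key, judged only by its documented prefix."""
    for prefix, info in PREFIXES.items():
        if key.startswith(prefix) and len(key) > len(prefix):
            return info
    raise ValueError("key does not start with a documented prefix")


def build_auth_header(env=os.environ, allow_live=False):
    """Build the Basic Authorization header from environment variables.

    The variable names are hypothetical; nothing is hardcoded in source.
    """
    pk = env.get("PAYONIFY_PUBLISHABLE_KEY", "").strip()
    sk = env.get("PAYONIFY_SECRET_KEY", "").strip()
    if not pk or not sk:
        raise ValueError("both keys must be set in the environment")
    pk_kind, pk_mode = classify_key(pk)
    sk_kind, sk_mode = classify_key(sk)
    # Username must be the publishable key, password the secret key.
    if pk_kind != "publishable" or sk_kind != "secret":
        raise ValueError("keys are in the wrong Basic Auth slots")
    # Local sanity check (assumption): a test/live mix is a config mistake.
    if pk_mode != sk_mode:
        raise ValueError("publishable and secret keys are from different modes")
    # Guard (assumption): live keys must be enabled explicitly by the caller.
    if sk_mode == "live" and not allow_live:
        raise ValueError("live keys refused unless allow_live=True")
    token = base64.b64encode(f"{pk}:{sk}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}, sk_mode


def redact(key):
    """Loggable form of a key: kind and mode kept, key material masked."""
    _, mode = classify_key(key)
    return f"{key[:2]}_{mode}_****"


# Constructed sample keys, not real credentials.
SAMPLE_ENV = {"PAYONIFY_PUBLISHABLE_KEY": "pk_test_EXAMPLEpub123",
              "PAYONIFY_SECRET_KEY": "sk_test_EXAMPLEsec456"}
```

Pass the returned dictionary as the request headers in your HTTP client, and log only the output of redact(), never the key itself.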
Authentication Errors
If your authentication credentials are missing or invalid, you'll receive one of these errors:
| Error Code | Description |
|---|---|
| missing_credentials | Authorization header is missing or malformed. Use Basic authentication with your publishable key and secret key. |
| invalid_publishable_key | The publishable key provided does not exist or is invalid |
| invalid_secret_key | The secret key provided is incorrect or does not match the publishable key |
| unauthorized | You are not authorized to access this resource or perform this action |
For more information about error handling, see our Errors documentation.