Authentication
Last updated: 2026-05-04
The API uses Bearer keys in the HTTP Authorization header:
Authorization: Bearer <key>
There are two key types.
Public key (publishable)
- Format:
pk_<env>_<base64> - Examples:
pk_test_...,pk_prod_...
Used only for read-only discovery endpoints:
GET /merchant/api/v1/catalogGET /merchant/api/v1/payins/banksGET /merchant/api/v1/payins/mmoGET /merchant/api/v1/payouts/banksGET /merchant/api/v1/payouts/mmo
Start with GET /merchant/api/v1/catalog to retrieve the countries, currencies, and method families enabled for your account. Then use the bank and operator discovery endpoints with the same request context you will use for the selected payment flow.
Secret key
- Format:
sk_<env>_<base64> - Examples:
sk_test_...,sk_prod_...
Used for all other endpoints (create orders, OTP authorization, get payment, balances).
Environment binding (test vs prod)
Keys are validated against the environment you call:
- In non-production environments, only
*_test_*keys are accepted. - In production environments, only
*_prod_*keys are accepted.
If you use a key from the wrong environment, the request is rejected.