Skip to main content

API Key Authentication

All API requests must be authenticated using your API key. You can find your API key in the Payviox Dashboard under the Developer section.
Keep your API keys secure! Never share your API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Using the API Playground

Each endpoint in this documentation includes an interactive playground where you can test API calls directly from your browser.
1

Get Your API Key

Copy your API key from the Payviox Dashboard
2

Open an Endpoint

Navigate to any endpoint page (e.g., Create Session)
3

Enter Your API Key

In the playground on the right, paste your API key in the Authorization field
4

Fill Request Body

Complete the required parameters in the request body
5

Send Request

Click Send to test the API call in real-time
The playground automatically adds “Bearer ” prefix to your API key in the Authorization header.

How to Authenticate

Include your API key in the Authorization header of each request: 
Authorization: Bearer YOUR_API_KEY

Example Request

curl https://api.payviox.com/session \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -X POST \
  -d '{
    "amount": 10000,
    "currency": "USD",
    "customer": {
      "email": "[email protected]",
      "name": "John Doe"
    },
    "order_id": "order_123",
    "items": [
      {
        "name": "Product 1",
        "quantity": 1,
        "price": 10000
      }
    ]
  }'

API Key Management

Getting Your API Key

  1. Log in to your Payviox Dashboard
  2. Navigate to Developer > API Keys
  3. Copy your production API key

Regenerating API Keys

If your API key has been compromised, you can regenerate it from the dashboard:
1

Access Developer Settings

Go to Developer > API Keys in your dashboard
2

Regenerate Key

Click Regenerate API Key
3

Update Your Integration

Update your integration with the new API key
When you regenerate an API key, the old key will stop working immediately. Make sure to update your integration before regenerating.

Error Responses

If authentication fails, you’ll receive one of the following responses:

Missing Authorization Header

{
  "error": "Unauthorized",
  "message": "Missing authorization header"
}

Invalid API Key

{
  "error": "Unauthorized",
  "message": "Invalid API key"
}

Expired API Key

{
  "error": "Unauthorized",
  "message": "API key has expired"
}

Best Practices

Use Environment Variables

Store your API keys in environment variables, never hardcode them

Different Keys for Different Environments

Use separate API keys for development, staging, and production

Rotate Keys Regularly

Periodically regenerate your API keys for enhanced security

Monitor Usage

Keep track of your API usage in the dashboard