​
Overview

The Monieswitch API uses API token-based authentication to secure all requests. This guide covers how to obtain, use, and manage your API credentials safely.

​
API Key Types

Monieswitch provides two types of API keys, each designed for specific use cases:

​
Public Keys (Publishable Keys)

  • Use case: Client-side integrations and Monieswitch Checkout
  • Security: Safe to expose in frontend code and mobile applications
  • Prefix: pk_live_ (production) or pk_test_ (sandbox)
  • Capabilities: Limited to creating payment sessions and retrieving public data

​
Secret Keys (Private Keys)

  • Use case: Server-side integrations and full API access
  • Security: Must be kept confidential and stored securely
  • Prefix: sk_live_ (production) or sk_test_ (sandbox)
  • Capabilities: Full API access including sensitive operations
Security Best Practices: - Store SECRET_KEY tokens in environment variables, never in code - Never commit secret keys to version control systems
  • Avoid sharing secret keys in public channels, logs, or CI/CD configurations
  • Regularly rotate your API keys for enhanced security - Use different keys for different environments (development, staging, production)

​
Getting Your API Keys

  1. Log in to your Monieswitch Dashboard
  2. Navigate to Settings → API Keys
  3. Generate new keys or copy existing ones
  4. Store them securely in your application’s environment variables
For detailed steps, see our API Token Creation Guide.

​
Making Authenticated Requests

​
Authentication Method

Monieswitch uses Bearer Token authentication. Include your secret key in the Authorization header of every API request: 
Authorization: Bearer sk_live_your_secret_key_here

​
Example Request

curl -X GET "https://nini.monieswitch.com/payments" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json"

​
Code Examples

const headers = {
  Authorization: `Bearer ${process.env.MONIESWITCH_SECRET_KEY}`,
  "Content-Type": "application/json",
};

const response = await fetch("https://nini.monieswitch.com/payments", {
  method: "GET",
  headers: headers,
});

​
Base URL

All API endpoints are accessible from: 
https://nini.monieswitch.com

​
Environment Variables Setup

​
Sandbox Environment

Create a .env file in your project root: 
# Sandbox keys for testing
MONIESWITCH_PUBLIC_KEY=pk_test_your_public_key_here
MONIESWITCH_SECRET_KEY=sk_test_your_secret_key_here

​
Live Environment

Set environment variables in your hosting platform: 
# Production keys
MONIESWITCH_PUBLIC_KEY=pk_live_your_public_key_here
MONIESWITCH_SECRET_KEY=sk_live_your_secret_key_here

​
Key Management Best Practices

​
Key Rotation

  • Rotate API keys periodically (recommended: every 90 days)
  • Generate new keys before revoking old ones to prevent service interruption
  • Update all applications and services with new keys before revocation

​
Access Control

  • Use different keys for different services or applications
  • Implement key-specific scoping when available
  • Monitor key usage through your dashboard

​
Incident Response

If you suspect a key has been compromised:
  1. Immediately revoke the compromised key from your dashboard
  2. Generate a new key pair
  3. Update all affected applications
  4. Monitor for any unauthorized usage

​
Troubleshooting

​
Common Authentication Issues

IssueCauseSolution
401 UnauthorizedInvalid or missing tokenVerify your key is correct and properly formatted
403 ForbiddenUsing wrong key typeEnsure you’re using a secret key for API requests
Token expiredKey has been revokedGenerate a new key from your dashboard

​
Getting Help

If you’re experiencing authentication issues: