Overview

The Monieswitch API uses API token-based authentication to secure all requests. This guide covers how to obtain, use, and manage your API credentials safely.

API Key Types

Monieswitch provides two types of API keys, each designed for specific use cases:

Public Keys (Publishable Keys)

  • Use case: Client-side integrations and Monieswitch Checkout
  • Security: Safe to expose in frontend code and mobile applications
  • Prefix: pk_live_ (production) or pk_test_ (sandbox)
  • Capabilities: Limited to creating payment sessions and retrieving public data

Secret Keys (Private Keys)

  • Use case: Server-side integrations and full API access
  • Security: Must be kept confidential and stored securely
  • Prefix: sk_live_ (production) or sk_test_ (sandbox)
  • Capabilities: Full API access including sensitive operations

Security Best Practices:

  • Store SECRET_KEY tokens in environment variables, never in code
  • Never commit secret keys to version control systems
  • Avoid sharing secret keys in public channels, logs, or CI/CD configurations
  • Regularly rotate your API keys for enhanced security
  • Use different keys for different environments (development, staging, production)

Getting Your API Keys

  1. Log in to your Monieswitch Dashboard
  2. Navigate to Settings → API Keys
  3. Generate new keys or copy existing ones
  4. Store them securely in your application’s environment variables

For detailed steps, see our API Token Creation Guide.

Making Authenticated Requests

Authentication Method

Monieswitch uses Bearer Token authentication. Include your secret key in the Authorization header of every API request:
Authorization: Bearer sk_live_your_secret_key_here

Example Request

curl -X GET "https://nini.monieswitch.com/payments" \
  -H "Authorization: Bearer sk_live_your_secret_key_here" \
  -H "Content-Type: application/json"

Code Examples

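// Read the secret key from the environment; never hard-code it.
// Top-level await requires an ES module (or wrap this in an async function).
const headers = {
  Authorization: `Bearer ${process.env.MONIESWITCH_SECRET_KEY}`,
  "Content-Type": "application/json",
};

const response = await fetch("https://nini.monieswitch.com/payments", {
  method: "GET",
  headers,
});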

Base URL

All API endpoints are accessible from:
https://nini.monieswitch.com

Environment Variables Setup

Sandbox Environment

Create a .env file in your project root and keep it out of version control:
# Sandbox keys for testing
MONIESWITCH_PUBLIC_KEY=pk_test_your_public_key_here
MONIESWITCH_SECRET_KEY=sk_test_your_secret_key_here

Live Environment

Set environment variables in your hosting platform:
# Production keys
MONIESWITCH_PUBLIC_KEY=pk_live_your_public_key_here
MONIESWITCH_SECRET_KEY=sk_live_your_secret_key_here
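
An added example (not Monieswitch's own code) of a server startup check built on the key prefixes described above: it rejects a public key where a secret key is required, rejects a live key outside production, and masks secret keys before they reach logs. The function names, the `appEnv` label, and the token character set after the prefix are assumptions.

```javascript
// Added example, not Monieswitch code. Prefixes come from this page; the
// token character set after the prefix is an assumption.
const PREFIXES = {
  pk_live_: { type: "public", mode: "live" },
  pk_test_: { type: "public", mode: "test" },
  sk_live_: { type: "secret", mode: "live" },
  sk_test_: { type: "secret", mode: "test" },
};

// Return { type, mode } for a key, or null if the prefix is unknown
// or nothing follows the prefix.
function classifyKey(key) {
  if (typeof key !== "string") return null;
  const prefix = Object.keys(PREFIXES).find(
    (p) => key.startsWith(p) && key.length > p.length
  );
  return prefix ? { ...PREFIXES[prefix] } : null;
}

// Mask the body of anything that looks like a secret key before logging.
function redactSecrets(text) {
  return String(text).replace(
    /\b(sk_(?:live|test)_)[A-Za-z0-9_]+/g,
    "$1[REDACTED]"
  );
}

// Fail fast at startup instead of discovering a bad key via 401/403 later.
// `appEnv` is a hypothetical deployment label such as "production".
function loadSecretKey(env, appEnv) {
  const key = (env.MONIESWITCH_SECRET_KEY || "").trim();
  const info = classifyKey(key);
  if (!info) throw new Error("MONIESWITCH_SECRET_KEY is missing or malformed");
  if (info.type !== "secret") {
    throw new Error("A public key is set where a secret key is required");
  }
  const expected = appEnv === "production" ? "live" : "test";
  if (info.mode !== expected) {
    throw new Error(`${info.mode} key used in ${appEnv}: ${redactSecrets(key)}`);
  }
  return key;
}
```

Call `loadSecretKey(process.env, appEnv)` once at process start and pass any string that may contain a key through `redactSecrets` before logging it.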

Key Management Best Practices

Key Rotation

  • Rotate API keys periodically (recommended: every 90 days)
  • Generate new keys before revoking old ones to prevent service interruption
  • Update all applications and services with new keys before revocation

Access Control

  • Use different keys for different services or applications
  • Implement key-specific scoping when available
  • Monitor key usage through your dashboard

Incident Response

If you suspect a key has been compromised:
  1. Immediately revoke the compromised key from your dashboard
  2. Generate a new key pair
  3. Update all affected applications
  4. Monitor for any unauthorized usage

Troubleshooting

Common Authentication Issues

| Issue | Cause | Solution |
|---|---|---|
| 401 Unauthorized | Invalid or missing token | Verify your key is correct and properly formatted |
| 403 Forbidden | Using wrong key type | Ensure you’re using a secret key for API requests |
| Token expired | Key has been revoked | Generate a new key from your dashboard |

Getting Help

If you’re experiencing authentication issues: