Overview
The Monieswitch API uses API token-based authentication to secure all requests. This guide covers how to obtain, use, and manage your API credentials safely.
API Key Types
Monieswitch provides two types of API keys, each designed for specific use cases:
Public Keys (Publishable Keys)
- Use case: Client-side integrations and Monieswitch Checkout
- Security: Safe to expose in frontend code and mobile applications
- Prefix: pk_live_ (production) or pk_test_ (sandbox)
- Capabilities: Limited to creating payment sessions and retrieving public data
Secret Keys (Private Keys)
- Use case: Server-side integrations and full API access
- Security: Must be kept confidential and stored securely
- Prefix: sk_live_ (production) or sk_test_ (sandbox)
- Capabilities: Full API access including sensitive operations
Security Best Practices:
- Store SECRET_KEY tokens in environment variables, never in code
- Never commit secret keys to version control systems
- Avoid sharing secret keys in public channels, logs, or CI/CD configurations
- Regularly rotate your API keys for enhanced security
- Use different keys for different environments (development, staging, production)
Getting Your API Keys
- Log in to your Monieswitch Dashboard
- Navigate to Settings → API Keys
- Generate new keys or copy existing ones
- Store them securely in your application’s environment variables
Making Authenticated Requests
Authentication Method
Monieswitch uses Bearer Token authentication. Include your secret key in the Authorization header of every API request:
Example Request
Code Examples
Base URL
All API endpoints are accessible from:
Environment Variables Setup
Sandbox Environment
Create a .env file in your project root:
Live Environment
Set environment variables in your hosting platform:
Key Management Best Practices
Key Rotation
- Rotate API keys periodically (recommended: every 90 days)
- Generate new keys before revoking old ones to prevent service interruption
- Update all applications and services with new keys before revocation
Access Control
- Use different keys for different services or applications
- Implement key-specific scoping when available
- Monitor key usage through your dashboard
Incident Response
If you suspect a key has been compromised:
- Immediately revoke the compromised key from your dashboard
- Generate a new key pair
- Update all affected applications
- Monitor for any unauthorized usage
Troubleshooting
Common Authentication Issues
Issue | Cause | Solution |
---|---|---|
401 Unauthorized | Invalid or missing token | Verify your key is correct and properly formatted |
403 Forbidden | Using wrong key type | Ensure you’re using a secret key for API requests |
Token expired | Key has been revoked | Generate a new key from your dashboard |
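
The missing-token and wrong-key-type causes in the table above can be caught at startup, before any request is sent. The following is an added example, not Monieswitch's own code: it reads the secret key from the environment, checks the prefix against the deployment's environment, builds the Bearer header, and keeps the full key out of error messages and logs. The variable name MONIESWITCH_SECRET_KEY and all function names are assumptions; only the key prefixes come from this page.

```python
import os

# Prefixes are the ones listed on this page; every other name here is assumed.
SECRET_PREFIXES = {"sk_test_": "sandbox", "sk_live_": "production"}
PUBLIC_PREFIXES = ("pk_test_", "pk_live_")
ENV_VAR = "MONIESWITCH_SECRET_KEY"  # hypothetical variable name


class KeyConfigError(ValueError):
    """Raised when the configured key would be rejected or is unsafe to use."""


def redact(key):
    """Return a log-safe form: the known prefix plus the last 4 characters."""
    for prefix in (*SECRET_PREFIXES, *PUBLIC_PREFIXES):
        if key.startswith(prefix) and len(key) >= len(prefix) + 8:
            return f"{prefix}...{key[-4:]}"
    return "<redacted>"


def load_secret_key(expected_env, environ=None):
    """Read the secret key from the environment and check it fits expected_env."""
    environ = os.environ if environ is None else environ
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise KeyConfigError(f"{ENV_VAR} is not set (401: missing token)")
    if key.startswith(PUBLIC_PREFIXES):
        raise KeyConfigError(f"{redact(key)} is a public key; use a secret key")
    for prefix, env in SECRET_PREFIXES.items():
        if key.startswith(prefix) and len(key) > len(prefix):
            if env != expected_env:
                raise KeyConfigError(
                    f"{redact(key)} is a {env} key; deployment is {expected_env}")
            return key
    raise KeyConfigError("key has no recognised sk_test_/sk_live_ prefix")


def auth_headers(key):
    """Build the Bearer Authorization header described under Authentication Method."""
    return {"Authorization": f"Bearer {key}"}


if __name__ == "__main__":
    demo = {ENV_VAR: "sk_test_CONSTRUCTEDexample0001"}  # constructed, not a real key
    key = load_secret_key("sandbox", environ=demo)
    print("using key", redact(key))
    print("header names:", sorted(auth_headers(key)))
```

Call load_secret_key once at process start with the environment the deployment is meant to run in, so a sandbox key in production (or the reverse) stops the service instead of surfacing later as failed requests.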
Getting Help
If you’re experiencing authentication issues:
- Check our Error Handling Guide for detailed error codes
- Contact support at [email protected]