Paylias authenticates your API requests using API keys that can be generated from the dashboard. All authentication is performed via HTTP Basic Auth via the X-PAYLIAS-API-KEY header. You do not need to pass in any additional information or a password. If a key is not included, or an incorrect key is passed, we will return a 401 - Unauthorized HTTP status code. You must also use HTTPS, as we will reject all API requests over plain HTTP. API keys can be generated with scoped permissions to different resources as well as be assigned granularity through read and write access. This allows you to reduce the risk of a single API key compromising access to your entire Paylias account. However, we still recommend that your keys should never be exposed in any public forums, broadcasted internally within your organizations or saved in plain text inside your code repositories.

Example

Here’s a simple example of passing in your API key with any Paylias API endpoint:
Shell
curl --request GET \
     --url https://sandbox.paylias.xyz/gateway/api/v1/csp/customer/jane@paylias \
     --header 'X-PAYLIAS-API-KEY: <API-KEY>' \
     --header 'accept: application/json'

API Key Management

Your API keys can be managed from the dashboard. Each API Key can only be used within the Namespace it was generated against to provide an added layer of security. If you feel that your key has been compromised, please revoke your key from the dashboard immediately. API keys can also be modified from the dashboard. You can modify the permissions for each API key by increasing or decreasing its access rights. Additionally, keys can be enabled or disabled as well.

Required Headers

Besides the X-PAYLIAS-API-KEY header, most endpoints also require the X-Org-ID and X-Partner-ID headers.
  • X-Org-ID: This refers to the unique ID of your organization. You can find this on your dashboard or through the Login and Find Organization endpoints. An example organization ID looks like this org_d1qe2es20or1uciuv4h0
  • X-Partner-ID: This refers to the unique ID of the namespace you’re making requests against. You can also find this on your dashboard or through the Search Namespaces endpoint. An example namespace ID looks like this part_d1qe2ms20or1uciuv4hg