Authentication - VeriPay API

Overview

VeriPay API uses API keys to authenticate requests. Your API keys carry significant privileges, so be sure to keep them secure and never share them publicly.

Security Notice

All API requests must be made over HTTPS. Requests made over plain HTTP will be rejected. Never include your API keys in client-side code or public repositories.

API Keys

VeriPay provides two types of API keys for different environments:

Sandbox

Test Keys

Start with sk_test_ - Use these for development and testing. No real money is processed.

Live

Live Keys

Start with sk_live_ - Use these for production. Real money is processed and fees apply.

Environment Separation

Always use the appropriate API keys for your environment:

Environment	Key Prefix	Base URL	Purpose
Sandbox	`sk_test_`	`https://api.veripay.us`	Development & Testing
Production	`sk_live_`	`https://api.veripay.us`	Live transactions

Rate Limiting

The VeriPay API implements rate limiting to ensure fair usage and maintain service quality:

Default limit: 60 requests per minute per API key
Burst allowance: Up to 10 requests in a 10-second window
Rate limit headers: Included in all API responses

Learn more about handling rate limits in our Rate Limits guide.

Rate Limit Headers

Check the X-RateLimit-Remaining and X-RateLimit-Reset headers in API responses to monitor your usage.

Common Authentication Errors

401 Unauthorized

Your API key is missing, invalid, or expired.

Solution: Verify your API key is correct and properly formatted in the Authorization header.

403 Forbidden

Your API key doesn't have permission to access this resource.

Solution: Ensure you're using the correct API key for your account and environment.

SSL/TLS Errors

Requests made over HTTP instead of HTTPS are rejected.

Solution: Ensure all API requests use HTTPS and your SSL certificates are valid.

Security Best Practices

Store API keys securely

Use environment variables or secure credential management systems. Never hardcode keys in your application.

Rotate keys regularly

Generate new API keys periodically and update your applications accordingly.

Monitor API usage

Regularly review your API usage logs and monitor for unusual activity.

Implement proper error handling

Handle authentication errors gracefully and implement retry logic for transient failures.

Testing Authentication

You can test your authentication setup with a simple API call:

# Test authentication
curl -H "Authorization: Bearer sk_test_your_api_key_here" \
     https://api.veripay.us/v1/payment-requests

Next Steps

Now that you understand authentication, explore the core API resources:

Core Resources Rate Limits