Sandbox API keys have the prefix sk_test and live API keys have the prefix sk_live.

Your API keys are highly sensitive and provide full access to your platform and bureau data. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via Bearer auth. This requires setting the Authentication header, e.g. -H "Authorization: Bearer sk_test_51MktQKLA3xH30J63kOdV0kAdOkV2KDBLQ"

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

curl --request GET \
  --url \
  --header "Authorization: Bearer sk_test_51MktQKLA3xH30J63kOdV0kAdOkV2KDBLQ"