 (1) (1)-nobg.svg?dpl=dpl_p5zuruSp6XXCSM585kX47x2KwV5k){kind=small}
Authentication
Secure your API requests using API keys.
API Keys
Uprails uses API keys to authenticate requests. You can manage your API keys in the Dashboard under Developer Settings.
Your API keys carry many privileges, so be sure to keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.
API Key Types
| Type | Prefix | Usage |
|---|---|---|
| Sandbox Key | snd_ | For development and testing. No real charges. |
| Production Key | prd_ | For production. Processes real transactions. |
Using Your API Key
Include your API key in the api-key header of every request:
curl https://api.uprails.com/payments \
-H "api-key: snd_YOUR_API_KEY" \
-H "Content-Type: application/json"Required Headers
| Header | Required | Description |
|---|---|---|
api-key | Yes | Your API key for authentication |
Content-Type | Yes | Must be application/json |
X-Idempotency-Key | Optional | Unique key for idempotent requests |
Authentication Errors
If authentication fails, you will receive a 401 Unauthorized response:
{
"error": {
"type": "authentication_error",
"code": "AU_01",
"message": "Invalid API key provided"
}
}Common Causes
- Missing or invalid API key
- Using a test key in production (or vice versa)
- API key has been revoked
- API key has expired
Best Practices
Store keys securely
Use environment variables or a secrets manager. Never commit API keys to version control.
Use different keys for environments
Use test keys during development and live keys only in production.
Rotate keys regularly
Create new API keys and revoke old ones periodically for security.
Server-side only
Always make API calls from your server. Never expose keys in client-side code.