API Authentication

Learn how to authenticate your API requests to Inkress using API keys.

Overview

The Inkress API uses API keys to authenticate requests. You can view and manage your API keys in the Integration section of your dashboard.

Security Notice

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.

API Key Types

Test Keys

For development and testing

Begin with sk_test_

No real charges are made with test keys

Live Keys

For production use

Begin with sk_live_

Real charges are processed with live keys

Making Authenticated Requests

Include your API key in the Authorization header of your requests:

Authorization: Bearer sk_test_abc123xyz456def789

Example Request

Here's a complete example using cURL:

cURL Request

curl https://api.inkress.com/v1/payment-links \
  -H "Authorization: Bearer sk_test_abc123xyz456def789" \
  -H "Content-Type: application/json"

Using the SDK

The recommended way to authenticate is using the @inkress/admin-sdk:

SDK Authentication

import InkressSDK from "@inkress/admin-sdk";

const sdk = new InkressSDK({
  accessToken: process.env.INKRESS_API_KEY,
  mode: 'sandbox', // or 'live' for production
  username: 'your-merchant-username'
});

// Now you can make authenticated requests
const merchants = await sdk.merchants.list();
console.log(merchants);

JavaScript Fetch Example

Fetch API

const response = await fetch('https://api.inkress.com/v1/payment-links', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer sk_test_abc123xyz456def789',
    'Content-Type': 'application/json'
  }
});

const data = await response.json();
console.log(data);

Python Example

Python Requests

import requests

headers = {
    'Authorization': 'Bearer sk_test_abc123xyz456def789',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.inkress.com/v1/payment-links',
    headers=headers
)

print(response.json())

Error Handling

If authentication fails, you'll receive a 401 Unauthorized response:

Error Response

{
  "error": {
    "type": "authentication_error",
    "message": "Invalid API key provided"
  }
}

Best Practices

Never commit API keys to version control
Use environment variables to store API keys
Rotate your API keys periodically
Use different keys for development and production
Revoke keys immediately if they're compromised

Need Help?

If you're having trouble with authentication, check out our API Reference or contact support.