Authentication

The SimulatePay API uses API keys to authenticate requests. You can view and manage your API keys in the Merchant Dashboard.

Security Warning

Your secret API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Bearer Token

Authentication to the API is performed via HTTP Bearer Auth. Provide your API key as the bearer token in the `Authorization` header.

# All API requests should be made over HTTPS

Authorization: Bearer sk_test_sandbox_...

Public vs Secret Keys

Public Keys (pk_test_...)

Used for client-side integrations (like JS libraries) to identify your account safely.

Secret Keys (sk_test_...)

Used for server-side requests. They should never be exposed to the front-end.