Authentication
All v2 API endpoints require an API Key passed in the token header.
How It Works
sequenceDiagram
participant Y as Your Server
participant S as SecPaid API
Y->>S: POST /api/v2/createLink<br/>Header: token: YOUR_API_KEY
S->>S: Validate API Key → resolve user
S-->>Y: Response
- You send your API Key in the token header
- SecPaid validates the key and resolves your account
- Your request is authenticated and processed
Request Format
POST /api/v2/createLink HTTP/1.1
Host: app.secpaid.com
Content-Type: application/json
token: YOUR_API_KEY

{
  "amount": 49.99
}
Getting Your API Key
Production
Your production API Key is available in the platform dashboard:
- Log in to your SecPaid account at app.secpaid.com
- Navigate to Settings → API & Integrations
- Copy your API-Token from the field shown
Development (app.dev.secpaid.com)
Accounts for the development environment are provisioned by SecPaid — there is no public self-signup for app.dev.secpaid.com. Email support@secpaid.com to request a sandbox account; we will send your login and development API Key. Use that key only with https://app.dev.secpaid.com/api/v2/. See Environments & Rate Limits for details.
Your API Key is an alphanumeric string (e.g., S3ZOMroDliZZBWyL). Each environment (development / production) has a separate key.
Also on this page
The API & Integrations tab also shows your Payment Endpoint (webhook URL) and your Recipient Token (used when others reference you in split links).
Security Best Practices
Keep your token secret
Your API Key grants full access to your SecPaid account. Treat it like a password.
- Store the token in environment variables, never in client-side code
- Use HTTPS exclusively (enforced by SecPaid)
- Rotate your token if you suspect it has been compromised — contact support
- Do not share tokens between environments (dev vs. production)
Error Responses
If authentication fails, you'll receive:
{
  "ResponseCode": 0,
  "ResponseMsg": "Incorrect token or missing token",
  "Result": "False",
  "ServerTime": "CEST"
}
Common causes:
| Error | Cause |
|---|---|
| Missing token header | Header not included in request |
| Invalid API key | Token doesn't match any SecPaid user |
| Wrong environment | Using a dev token against production or vice versa |
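
The following server-side sketch combines the request format, the environment-variable and key-separation advice, and the authentication error body described on this page. It is an added example, not SecPaid's own code: the environment variable names, the function names and the sample key are assumptions, and the request is built but not sent.

```python
import json
import os
import urllib.request

# Hosts and the /api/v2/ prefix are from this page; everything else is assumed.
BASE_URLS = {
    "production": "https://app.secpaid.com/api/v2/",
    "development": "https://app.dev.secpaid.com/api/v2/",
}
AUTH_ERROR_MSG = "Incorrect token or missing token"  # message shown on this page


def load_api_key(environment, env=os.environ):
    """Read the key from a per-environment variable (names are assumptions),
    so a development key is never picked up by production code."""
    name = f"SECPAID_API_KEY_{environment.upper()}"
    key = env.get(name, "").strip()
    if not key:
        raise RuntimeError(f"{name} is not set")
    return key


def build_create_link_request(environment, amount, env=os.environ):
    """Build (but do not send) POST createLink with the key in `token`."""
    base = BASE_URLS[environment]  # KeyError for an unknown environment
    return urllib.request.Request(
        base + "createLink",
        data=json.dumps({"amount": amount}).encode(),
        method="POST",
        # urllib stores the name as "Token"; header names are case-insensitive.
        headers={"Content-Type": "application/json",
                 "token": load_api_key(environment, env)},
    )


def loggable_headers(request):
    """Copy of the headers that is safe to log: the API Key is masked."""
    return {k: "<redacted>" if k.lower() == "token" else v
            for k, v in request.header_items()}


def is_auth_failure(payload):
    """True when a decoded response body matches the page's auth error."""
    return (payload.get("ResponseCode") == 0
            and payload.get("ResponseMsg") == AUTH_ERROR_MSG)


if __name__ == "__main__":
    demo_env = {"SECPAID_API_KEY_DEVELOPMENT": "CONSTRUCTEDsandboxKEY"}  # constructed
    req = build_create_link_request("development", 49.99, demo_env)
    print(req.get_method(), req.full_url, loggable_headers(req))
```

Because each environment has its own variable, a deployment that only holds the development key fails before any request is built for production, rather than receiving the authentication error from the API.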