Authentication

How to authenticate your requests to the MoniPay API.

The MoniPay API uses API keys to authenticate requests. You can manage your API keys in the MoniPay app under Settings > Developer > API Keys.

API Key Types

| Key Type | Prefix | Description |
| :--- | :--- | :--- |
| Public Key | pk_live_ | Used in client-side code (e.g., JS SDK). Identifies your account. |
| Secret Key | sk_live_ | Server-side only. Used to authorize sensitive operations like creating orders. |

Using Your Secret Key

Your secret key should be included in the Authorization header of your HTTP requests as a Bearer token.

Never expose your secret key in frontend code or public repositories. If a key is compromised, revoke it immediately in the developer dashboard.
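An added example, not MoniPay's own code: shell helpers that build the Bearer header from a key held in the environment, reject a `pk_live_` key or an unknown prefix, and pass the header to curl on stdin so the key never appears in the process list. The `MONIPAY_SECRET_KEY` variable name, the function names, the assumed key character set, and any URL you pass are assumptions; this page does not give the API base URL.

```bash
#!/usr/bin/env bash
# Added example. MONIPAY_SECRET_KEY and the function names are assumptions,
# not part of the MoniPay API.

# Print the Authorization header for $MONIPAY_SECRET_KEY, or fail with a code:
#   1 = key not set, 2 = public key supplied, 3 = unexpected format.
monipay_auth_header() {
  local key="${MONIPAY_SECRET_KEY:-}"
  case "$key" in
    # Assumed character set; also stops a stray quote from breaking the
    # curl config line written in monipay_curl.
    *[!A-Za-z0-9_]*) echo "key contains unexpected characters" >&2; return 3 ;;
    sk_live_?*) printf 'Authorization: Bearer %s' "$key" ;;
    pk_live_*)  echo "refusing: pk_live_ keys are for client-side code only" >&2
                return 2 ;;
    "")         echo "MONIPAY_SECRET_KEY is not set" >&2; return 1 ;;
    *)          echo "unrecognised key prefix" >&2; return 3 ;;
  esac
}

# Usage: monipay_curl <https-url> [extra curl options...]
# Returns 4 for a non-HTTPS URL so the key is never sent in clear text.
monipay_curl() {
  local url="$1"; shift
  case "$url" in
    https://*) ;;
    *) echo "refusing non-HTTPS URL" >&2; return 4 ;;
  esac
  local header
  header="$(monipay_auth_header)" || return $?
  # curl reads options from stdin with --config -, which keeps the secret
  # out of argv (and therefore out of `ps` output and shell history).
  printf 'header = "%s"\n' "$header" |
    curl --fail --silent --show-error --config - "$@" "$url"
}
```

Set `MONIPAY_SECRET_KEY` from a secrets manager or a file outside the repository rather than typing it on the command line.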

Webhook Signatures

When MoniPay sends a webhook to your server, it includes an X-MoniPay-Signature header. You should verify this signature to ensure the request actually came from MoniPay.

Learn how to verify webhooks →