Authentication
All external API calls require authentication via the X-API-Key request header. Your API key is found in Dashboard → Integrations.
API key requirements
- Include
X-API-Keyon every server-to-server request - Your merchant account must have
approvedstatus for the API key to work - Keep your API key secret — never expose it in frontend code or client-side apps
Request header
Header
X-API-Key: ksh_live_xxxxxxxxxxxxxxxxxxxxKey format
- Live keys:
ksh_live_... - Test keys:
ksh_test_...(when sandbox is supported)
Error responses
Missing API key
json
{
"success": false,
"error": {
"code": "MISSING_API_KEY",
"message": "X-API-Key header is required"
}
}Invalid API key
json
{
"success": false,
"error": {
"code": "INVALID_API_KEY",
"message": "Invalid or inactive API key"
}
}See the full error reference for more error codes and HTTP status codes.