DOCUMENTATION

Authentication

Secure your API requests with API Keys.

API Keys

Authentication is performed via a Secret API Key. You can generate and manage these keys in the Merchant Dashboard under Settings > API Access.

Your API keys carry full administrative privileges for your account, so keep them secure.

Security Warning: Never expose your Secret API Key in client-side code (browsers, mobile apps). Only use it from your backend server.

Authorization Header

Include your API Key in the Authorization header of all requests using the Bearer scheme.

HTTP Header

Authorization: Bearer pg_live_8cd80b...

Generate API Key

Programmatically generate a new API key. This will revoke any existing key for the merchant.

POST/api/v1/auth/api-keys

This endpoint uses session authentication (httpOnly cookie), not API key auth. It is intended for use from the Dashboard or authenticated browser sessions.

201 Created

{
  "api_key": "pg_live_8cd80b4a9f2e...",
  "prefix": "pg_live_8cd80b4a",
  "created_at": "2024-03-20T14:00:00Z",
  "warning": "Save this key securely. You won't see it again."
}

Revoke API Key

Revoke your current API key. All API integrations using this key will stop working immediately.

DELETE/api/v1/auth/api-keys

200 OK

{
  "success": true,
  "message": "API key revoked successfully"
}

Example Request

curl -X POST https://flash-protocol.vercel.app/api/v1/payment-links \
  -H "Authorization: Bearer pg_live_8cd80b..." \
  -H "Content-Type: application/json"
  -d '{
    "amount": 49.99,
    "currency": "USD",
    "title": "Premium Subscription",
    "success_url": "https://myapp.com/success"
  }'

Getting Started

Core Resources