API Documentation
Authentication
Learn how to authenticate your API requests with PayDirect.
API Keys
PayDirect uses API keys to authenticate requests. You can manage your API keys in the developer dashboard.
Keep your API keys secure and never share them publicly. API keys have full access to your account.
Creating an API Key
bash
POST /api/api-keysRequest Body
| Parameter | Type | Description |
|---|---|---|
| type | string | Key type (Live, Test) |
Response
json
{
"key": "sk_...",
"type": "Live",
"created_at": "2024-03-20T12:00:00Z"
}Managing API Keys
Update or revoke your API keys.
Update API Key
bash
PATCH /api/api-keys/:keyIdRequest Body
| Parameter | Type | Description |
|---|---|---|
| name | string | Name for the API key |
| description | string | Description of the API key's purpose |
| permissions | object | Permissions for the API key |
Revoke API Key
bash
DELETE /api/api-keys/:keyIdUsing API Keys
Include your API key in the Authorization header of all requests:
bash
curl -X GET "https://paydirect.com/api/payments" \
-H "Authorization: Bearer YOUR_API_KEY"Replace YOUR_API_KEY with your actual API key. The key should start with "sk_".
Security Best Practices
- Never share your API keys or commit them to version control
- Use environment variables to store API keys
- Rotate your API keys regularly
- Use different API keys for different environments (development, staging, production)
- Revoke API keys that are no longer needed
- Monitor API key usage for suspicious activity
Error Codes
| Code | Description |
|---|---|
| 401 | Unauthorized - Invalid or missing API key |
| 403 | Forbidden - API key doesn't have required permissions |
| 429 | Too Many Requests - Rate limit exceeded |
Try it Out
Visit our interactive playground to test the Authentication API: