API Authentication & API Keys
8 min · Learn how to authenticate requests, manage API keys, and handle rate limits.
Secure every API request with keys, OAuth, or mTLS depending on product. This article explains headers, rotation, and rate limits.
API Keys
Request API keys from sales or the developer portal. Include the key in the X-API-Key header for server-to-server calls. Never expose keys in mobile apps — use your backend.
OAuth 2.0
Financial and BBPS products may require OAuth client credentials. Tokens expire — refresh before calling payment endpoints.
Rate Limits
Default limits apply per product. Enterprise plans include higher quotas and dedicated endpoints. Implement exponential backoff for HTTP 429.
Errors
Use HTTP status codes and JSON error bodies. Log correlation IDs from responses when opening support tickets.
Need help? Open a support ticket or contact sales.