Authentication
AUTHENTICATION
Authentication
The public merchant API authenticates every request with one secret — your project's X-Api-Key. Each key is scoped to a single project and acts on that project's payments, static wallets, and balance. It is a server-to-server credential: call the API from your backend, never from a browser.
Get your API key
API keys are issued per project from the dashboard. Create, rotate, and revoke them there — revoking takes effect immediately.
- 01Open your project's API Keys in the dashboard and create a key.
- 02Copy the key immediately — it is shown only once. Store it as a server-side secret.
Make your first authenticated call
List your 5 most recent payments. Switch languages to see where the key goes — in the X-Api-Key header for raw HTTP, or once into the client for an SDK.
# Send your key in the X-Api-Key header on every request.curl "https://api.suward.com/v1/payments?limit=5&order=desc" \ -H "X-Api-Key: $SUWARD_API_KEY"Full reference: API · TypeScript SDK · Go SDK.