Authentication
AUTHENTICATION

Authentication

The public merchant API authenticates every request with one secret — your project's X-Api-Key. Each key is scoped to a single project and acts on that project's payments, static wallets, and balance. It is a server-to-server credential: call the API from your backend, never from a browser.

Get your API key

API keys are issued per project from the dashboard. Create, rotate, and revoke them there — revoking takes effect immediately.

  1. 01Open your project's API Keys in the dashboard and create a key.
  2. 02Copy the key immediately — it is shown only once. Store it as a server-side secret.
Create an API key

Make your first authenticated call

List your 5 most recent payments. Switch languages to see where the key goes — in the X-Api-Key header for raw HTTP, or once into the client for an SDK.

# Send your key in the X-Api-Key header on every request.
curl "https://api.suward.com/v1/payments?limit=5&order=desc" \
-H "X-Api-Key: $SUWARD_API_KEY"

Full reference: API · TypeScript SDK · Go SDK.