Authentication
All API requests require a Bearer token in the Authorization header.
Getting Your API Key
- Log in to the NabooPay Dashboard
- Go to Settings > API Keys
- Copy your API key
Using Your API Key
Add the Authorization header to every request:
Authorization: Bearer YOUR_API_KEY
cURL
curl https://api.naboopay.com/api/v2/accounts \
-H "Authorization: Bearer YOUR_API_KEY"
JavaScript
const response = await fetch('https://api.naboopay.com/api/v2/accounts', {
headers: {
'Authorization': `Bearer ${process.env.NABOOPAY_API_KEY}`
}
});
Python
import requests
response = requests.get(
'https://api.naboopay.com/api/v2/accounts',
headers={'Authorization': f'Bearer {API_KEY}'}
)
PHP
$ch = curl_init('https://api.naboopay.com/api/v2/accounts');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Authorization: Bearer ' . $apiKey
]);
Security Best Practices
Keep Keys Secret
- Never commit API keys to version control
- Use environment variables or a secrets manager
- Don't expose keys in client-side code
// Good - server-side
const API_KEY = process.env.NABOOPAY_API_KEY;
// Bad - exposed in browser
const API_KEY = 'pk_live_naboo_xxxx'; // Don't do this!
Rotate Keys Regularly
If you suspect a key is compromised:
- Generate a new key in the dashboard
- Update your application to use the new key
- Revoke the old key
Authentication Errors
| Status | Error | Solution |
|---|---|---|
| 401 | Missing API key | Add the Authorization header |
| 401 | Invalid API key | Check your key is correct and active |
| 403 | Forbidden | Key doesn't have permission for this resource |
Example error response:
{
"error": "Invalid or missing API key"
}