Icone PayDocsAuthentication
How to authenticate API requests with your route API key.
API Keys
Every route has a unique secret API key, issued when you create the route. The key identifies which app and route a payment belongs to, so treat it like a password: store it as a server-side secret and rotate it from the dashboard if it leaks.
Making Requests
Pass the key in the x-api-key header. Requests without a valid key are rejected with 401 Unauthorized.
Rate limits
Payment initialization is rate limited per key. If you exceed the limit you receive
429 Too Many Requests with a Retry-After header — back off and retry.Test vs Live
An app is either in test or live mode, toggled from the dashboard. Test mode uses platform sandbox credentials and simulates payments; live mode uses your own connected credentials and moves real money. The same API key works in both — the app's mode decides the behavior.