Authentication

API Key Authentication

The SafePays API V2 uses API keys to authenticate all requests. Your API key must be included in every request — either in the JSON request body (for POST endpoints) or as a query parameter (for GET endpoints).

Obtaining Your API Key

Log in to your SafePays Dashboard
Navigate to Settings → API Keys
Click Generate New API Key
Copy the key immediately — it won't be shown again

Security Notice

Never expose your API key in client-side code
Never commit API keys to version control
Use environment variables to store keys
Rotate keys regularly

Using Your API Key

In POST Requests

Include api_key in the JSON request body:

curl -X POST https://app.safepays.com/api/v2/customer \
  -H "Content-Type: application/json" \
  -d '{
    "api_key": "your_api_key_here",
    "name": "John Doe",
    "email": "john.doe@example.com"
  }'

const response = await fetch('https://app.safepays.com/api/v2/customer', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    api_key: process.env.SAFEPAYS_API_KEY,
    name: 'John Doe',
    email: 'john.doe@example.com'
  })
});

import os
import requests
import json

api_key = os.environ.get('SAFEPAYS_API_KEY')

response = requests.post(
    'https://app.safepays.com/api/v2/customer',
    headers={'Content-Type': 'application/json'},
    data=json.dumps({
        'api_key': api_key,
        'name': 'John Doe',
        'email': 'john.doe@example.com'
    })
)

In GET Requests

Pass api_key as a query parameter:

curl -X GET "https://app.safepays.com/api/v2/customer/550e8400-e29b-41d4-a716-446655440000?api_key=your_api_key_here"

const customerId = '550e8400-e29b-41d4-a716-446655440000';
const apiKey = process.env.SAFEPAYS_API_KEY;

const response = await fetch(
  `https://app.safepays.com/api/v2/customer/${customerId}?api_key=${apiKey}`
);

import os
import requests

api_key = os.environ.get('SAFEPAYS_API_KEY')
customer_id = '550e8400-e29b-41d4-a716-446655440000'

response = requests.get(
    f'https://app.safepays.com/api/v2/customer/{customer_id}?api_key={api_key}'
)

Authentication Errors

When authentication fails, you'll receive a 401 Unauthorized response:

{
  "error": "Invalid API Key"
}

Common causes:

Missing api_key in request
Incorrect API key
Expired or revoked API key

Best Practices

Use Environment Variables

Never hardcode API keys in source code:

// .env file
SAFEPAYS_API_KEY=your_api_key_here

// Your application
require('dotenv').config();
const apiKey = process.env.SAFEPAYS_API_KEY;

# .env file
SAFEPAYS_API_KEY=your_api_key_here

# Your application
from dotenv import load_dotenv
import os

load_dotenv()
api_key = os.getenv('SAFEPAYS_API_KEY')

Secure Storage

Store API keys in secure key management services (AWS Secrets Manager, Azure Key Vault, etc.)
Use encrypted environment variables in production
Limit API key access to necessary personnel only

Authentication

On this page