Authorization
All API requests require authentication using your API key. This page explains how to properly authorize your requests.
API Key
You need to include your API key in the Authorization header of every request using Bearer token authentication.
🔑
Your API key can be found in your dashboard settings. Keep it secure and never expose it in client-side code.
Headers
| Header | Description | Example | Required |
|---|---|---|---|
| Authorization | Bearer token containing your API key. | Bearer sk_live_xxxxxxxx | yes |
| Content-Type | Content type for POST/PUT requests. | application/json | yes (for POST/PUT) |
Example Request
Here’s a complete example showing how to authenticate:
const response = await fetch('https://checkout.exodus.com/checkouts', {
method: 'POST',
headers: {
Authorization: 'Bearer sk_live_xxxxxxxxxxxxxxxx',
'Content-Type': 'application/json',
},
body: JSON.stringify({
// Request body
}),
});Environment
The API supports two environments:
| Environment | API Key Prefix | Description |
|---|---|---|
| Test | sk_test_ | For development and testing purposes |
| Live | sk_live_ | For production transactions |
⚠️
Important: Test mode API keys will not process real payments. Always use live keys in production.
Best Practices
- Keep keys secure: Never expose your API key in client-side code or public repositories
- Use environment variables: Store API keys in environment variables
- Rotate keys regularly: If you suspect a key has been compromised, rotate it immediately
- Use test mode: Always test your integration with test keys before going live
Troubleshooting
Error: Unauthorized (401)
- Ensure the
Authorizationheader is present - Verify the API key is valid and not expired
- Check that you’re using the correct key for the environment (test vs live)
Error: Invalid API Key
- Confirm the key format is correct:
Bearer sk_live_xxxorBearer sk_test_xxx - Ensure there are no extra spaces or characters
