All API requests must be authenticated using an API key passed in the x-api-key header.
API Keys
Kyren Pay uses API keys to authenticate requests. You can manage your API keys from the Merchant Dashboard.
There are two types of API keys:
| Key Type | Prefix | Purpose |
|---|
| Live | kyren_live_ | Production environment — real payments |
| Test | kyren_test_ | Sandbox environment — no real charges |
Making Authenticated Requests
Include your API key in the x-api-key header of every request:
curl https://api.kyren.top/v1/products \
-H "x-api-key: kyren_live_xxxxxxxxxxxxxxxxxxxx"
Keep your API keys secure.
- Never expose API keys in client-side code (JavaScript, mobile apps)
- Never commit API keys to version control
- Use environment variables to store keys in your server
- Regenerate keys immediately if they are compromised
Environments
| Environment | Base URL | API Key Prefix |
|---|
| Production | https://api.kyren.top | kyren_live_ |
| Sandbox | https://test-api.kyren.top | kyren_test_ |
Test and live API keys are completely separate. Data created with test keys is not visible in the live environment, and vice versa.
Regenerating API Keys
If your API key is compromised, you can regenerate it from the Dashboard:
- Go to Dashboard > Developer
- Click Regenerate next to the key you want to replace
- Confirm the action
Regenerating a key immediately invalidates the old key. Make sure to update all your integrations with the new key.
Error Responses
If authentication fails, the API returns a 401 Unauthorized response:
{
"code": 401,
"message": "Unauthorized"
}
- Missing
x-api-key header
- Invalid or expired API key
- Using a test key against the production URL (or vice versa)
