All API requests must be authenticated using an API key passed in the x-api-key header.
API Keys
Kyren Pay uses API keys to authenticate requests. You can manage your API keys from the Merchant Dashboard.
The current backend implementation accepts live API keys:
| Key Type | Prefix | Purpose |
|---|---|---|
| Live | kyren_live_ | Production environment — real payments |
Making Authenticated Requests
Include your API key in the x-api-key header of every request:
curl https://api.kyren.top/v1/products \
  -H "x-api-key: kyren_live_xxxxxxxxxxxxxxxxxxxx"
Keep your API keys secure.
- Never expose API keys in client-side code (JavaScript, mobile apps)
- Never commit API keys to version control
- Use environment variables to store keys on your server
- Regenerate keys immediately if they are compromised
Environments
| Environment | Base URL | API Key Prefix |
|---|---|---|
| Production | https://api.kyren.top | kyren_live_ |
| Staging | Issued by Kyren support | Use only the credentials issued for that staging environment |
The current public production API accepts live API keys with the kyren_live_ prefix.
Kyren does not currently expose self-service kyren_test_ keys in the merchant dashboard.
Use a staging base URL only when Kyren has issued matching staging credentials to you.
Regenerating API Keys
If your API key is compromised, you can regenerate it from the Dashboard:
- Go to Dashboard > Developer
- Click Regenerate next to the key you want to replace
- Confirm the action
Regenerating a key immediately invalidates the old key. Make sure to update all your integrations with the new key.
Error Responses
If authentication fails, the API returns a 401 Unauthorized response:
{
  "code": 401,
  "message": "Unauthorized"
}
Common causes:
- Missing x-api-key header
- Invalid or expired API key
- Using an API key prefix not accepted by the current environment
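The following server-side caller is an added example, not code from Kyren: it reads the key from an environment variable, catches the missing-key and wrong-prefix causes before any request is sent, and reports a 401 without writing the key to logs. The variable name `KYREN_API_KEY`, the `redact` helper and the assumption that `/v1/products` returns JSON are illustrative choices, not part of the Kyren API.

```python
import json
import os
import urllib.error
import urllib.request

BASE_URL = "https://api.kyren.top"  # production base URL from the Environments table
LIVE_PREFIX = "kyren_live_"         # prefix accepted by the production API
ENV_VAR = "KYREN_API_KEY"           # assumed variable name, not defined by Kyren


class KyrenAuthError(Exception):
    """Missing or rejected key. Messages never contain the key itself."""


def redact(key):
    """Keep the prefix and last 4 characters so a log line can identify a key safely."""
    if not key.startswith(LIVE_PREFIX) or len(key) < len(LIVE_PREFIX) + 8:
        return "<redacted>"
    return f"{LIVE_PREFIX}...{key[-4:]}"


def load_api_key(environ=os.environ):
    """Read the key from the environment and catch two 401 causes before sending."""
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise KyrenAuthError(f"{ENV_VAR} is not set; the x-api-key header would be missing")
    if not key.startswith(LIVE_PREFIX):
        raise KyrenAuthError(f"key in {ENV_VAR} lacks the {LIVE_PREFIX} prefix required by {BASE_URL}")
    return key


def build_request(path, key):
    """Carry the key only in the x-api-key header, never in the URL or query string."""
    return urllib.request.Request(BASE_URL + path, headers={"x-api-key": key})


def list_products(environ=os.environ):
    """Call /v1/products; the response is assumed to be JSON."""
    key = load_api_key(environ)
    try:
        with urllib.request.urlopen(build_request("/v1/products", key), timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 401:
            # Remaining cause from the list above: the key is invalid, expired or was regenerated.
            raise KyrenAuthError(f"401 Unauthorized for key {redact(key)}") from err
        raise
```
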