Authentication
Securely authenticate to the BessaPay API
API Key Authentication
The BessaPay API uses API keys to authenticate requests. API keys are used to identify the developer and merchant making the request.
API Key Format
API keys are prefixed with sk_ for live keys and sk_test_ for test keys.
1# Live API Key Example
2sk_live_1234567890abcdefghijklmnopqrstuvwxyz
3
4# Test API Key Example
5sk_test_1234567890abcdefghijklmnopqrstuvwxyzUsing API Keys
Include your API key in the X-API-Key header in all requests to the API.
1# Example API request with API key
2curl https://api.semuni.com/api/v1/integration/transactions/create \
3 -H "X-API-Key: sk_test_1234567890abcdefghijklmnopqrstuvwxyz" \
4 -H "Content-Type: application/json" \
5 -d '{
6 "merchantId": "mer_12345abcde",
7 "amount": 1000,
8 "currency": "KES",
9 "reference": "order-123456",
10 "customer": {
11 "name": "John Doe",
12 "email": "john@example.com",
13 "phone": "+254712345678"
14 }
15 }'⚠️ API Key Security
Your API keys carry significant privileges. Never share your API keys in publicly accessible areas such as GitHub, client-side code, or in your frontend application.
API Key Management
You can create, view, and manage your API keys in the BessaPay Dashboard. Each merchant can have multiple developers, each with their own API key.
API Key Permissions
API keys have the following role-based permissions:
ROLE_API_DEVELOPER- Base role for all API keysROLE_MERCHANT_API_FOR_{merchantId}- Merchant-specific permission
API Key Rotation
For security best practices, we recommend rotating your API keys periodically. To rotate an API key:
- Create a new API key in the BessaPay Dashboard
- Update your applications to use the new API key
- Verify that your applications are working with the new key
- Deactivate the old API key