Definition

API Authentication

The process of verifying identity and permissions when making API requests to a payment gateway.

API authentication is the process of verifying the identity and permissions of an application making API requests. Payment gateways use authentication to ensure only authorized merchants can create payments.

Common Authentication Methods

| Method | Description | Use Case |
|--------|-------------|----------|
| API Key | Static token identifying the merchant | Simple identification |
| API Key + HMAC | Key + signature for each request | Secure payment APIs |
| OAuth 2.0 | Token-based with scopes | User-authorized access |
| JWT | Self-contained signed tokens | Dashboard/portal access |

Pulse2Pay Authentication

Pulse2Pay uses API Key + HMAC Signature:

```
POST /api/v1/payment/create
X-API-Key: mk_live_abc123...
X-Signature: 5f4d3c2b1a...
X-Timestamp: 1705320000
```

Components

  • API Key: Identifies your merchant account
  • API Secret: Used to generate signatures (never sent)
  • HMAC Signature: Proves request authenticity
  • Timestamp: Prevents replay attacks

Why HMAC Over Simple API Keys?

| Feature | API Key Only | API Key + HMAC |
|---------|--------------|----------------|
| Identity verification | ✓ | ✓ |
| Request integrity | ✗ | ✓ |
| Replay protection | ✗ | ✓ |
| Man-in-middle protection | ✗ | ✓ |
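
How a server can check the three headers shown above, as an added example that is not Pulse2Pay's own code. The page does not give the signing-string layout or hash, so HMAC-SHA256 over timestamp, method, path and body, the 300-second window, the seen-signature cache, the function names and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds; assumed tolerance, not a documented Pulse2Pay value


def canonical(timestamp: str, method: str, path: str, body: bytes) -> bytes:
    # Assumed signing string: timestamp, method, path and body joined by newlines.
    return b"\n".join([timestamp.encode(), method.upper().encode(), path.encode(), body])


def sign(secret: bytes, timestamp: str, method: str, path: str, body: bytes) -> str:
    # HMAC-SHA256 is an assumption; the page does not name the hash function.
    return hmac.new(secret, canonical(timestamp, method, path, body), hashlib.sha256).hexdigest()


def verify(headers, method, path, body, secrets, now, seen):
    """Return "ok" or the reason the request is rejected."""
    secret = secrets.get(headers.get("X-API-Key", ""))
    if secret is None:
        return "unknown key"
    ts = headers.get("X-Timestamp", "")
    if not (ts.isascii() and ts.isdigit()) or abs(now - int(ts)) > MAX_SKEW:
        return "stale timestamp"
    expected = sign(secret, ts, method, path, body)
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), headers.get("X-Signature", "").encode()):
        return "bad signature"
    # The timestamp only bounds the replay window; remember signatures seen inside it.
    if expected in seen:
        return "replayed"
    seen.add(expected)
    return "ok"


def demo() -> list:
    # Constructed credentials and request body, for illustration only.
    secrets = {"mk_test_constructed": b"constructed-secret"}
    body = b'{"amount": "10.00", "currency": "USDT"}'
    path, ts, seen = "/api/v1/payment/create", "1705320000", set()
    hdrs = {"X-API-Key": "mk_test_constructed", "X-Timestamp": ts,
            "X-Signature": sign(secrets["mk_test_constructed"], ts, "POST", path, body)}
    return [
        verify(hdrs, "POST", path, body, secrets, 1705320010, seen),  # first delivery
        verify(hdrs, "POST", path, body, secrets, 1705320020, seen),  # same request again
        verify(hdrs, "POST", path, body.replace(b"10", b"99"), secrets, 1705320030, seen),
        verify(hdrs, "POST", path, body, secrets, 1705320000 + 900, set()),  # too old
    ]
```

Calling `demo()` runs a valid request, a replay of it, a tampered body and an expired timestamp through `verify`. In production the `seen` set would be a shared store whose entries expire after `MAX_SKEW`.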

Security Best Practices

  • Never expose secrets: Keep API Secret server-side only
  • Use HTTPS: Always encrypt traffic
  • Rotate credentials: Generate new keys periodically
  • Monitor usage: Watch for unusual patterns

Related Terms

  • HMAC Signature
  • Webhooks
  • Crypto Payment Gateway