API Authentication

Authenticate server-side API requests using API keys

API Authentication

All API requests to Plexy must be authenticated. For server-side requests, use your API key in the request header.

Authentication header

Include your API key in the Authorization header using the scheme:

curl -X POST https://api.plexypay.com/v2/payments \
  -H "x-api-key: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"amount": 1000, "currency": "USD"}'

Never expose your secret API key in client-side code. Use client-side authentication for frontend applications.

Security best practices

Store keys securely - Use environment variables or a secrets manager
Rotate keys regularly - Generate new keys periodically
Use separate keys - Different keys for test and production environments
Monitor usage - Review API logs for unauthorized access attempts

Quickstart

Set up your first Plexy integration in minutes

Client-Side Authentication

Secure authentication for frontend and mobile applications

На этой странице

API Authentication Authentication header Security best practices