Authentication

Learn how to authenticate your API requests with ZEUSXPAY

All API requests to ZEUSXPAY must be authenticated using API keys. This guide explains how to obtain and use your API keys securely.

API Keys

ZEUSXPAY uses API keys to authenticate requests. You can create and manage your API keys from the Dashboard.

Key Types

We provide two types of API keys:

  • Test keys (prefix: sk_test_): Use these in development and testing
  • Live keys (prefix: sk_live_): Use these in production

Getting Your API Keys

  1. Log in to your Dashboard
  2. Navigate to Settings → API Keys
  3. Click Create API Key
  4. Give your key a descriptive name
  5. Copy the key immediately (it won’t be shown again)

⚠️ Security Warning: Never share your secret keys or commit them to version control.

Making Authenticated Requests

Include your API key in the Authorization header using Bearer authentication:

curl https://api.zeusxpay.io/v1/orders \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY"

Example in Different Languages

JavaScript/Node.js

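const axios = require('axios');

// Read the key from the environment; never embed it in source.
const client = axios.create({
	baseURL: 'https://api.zeusxpay.io/v1',
	headers: {
		Authorization: `Bearer ${process.env.ZEUSXPAY_API_KEY}`
	}
});

// `await` needs an async context in a CommonJS module.
async function listOrders() {
	const orders = await client.get('/orders');
	return orders.data;
}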

Python

import requests
import os

headers = {
    'Authorization': f'Bearer {os.environ["ZEUSXPAY_API_KEY"]}'
}

response = requests.get(
    'https://api.zeusxpay.io/v1/orders',
    headers=headers,
    timeout=10  # requests has no default timeout; avoid hanging forever
)

PHP

<?php
$apiKey = getenv('ZEUSXPAY_API_KEY');

$ch = curl_init('https://api.zeusxpay.io/v1/orders');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer ' . $apiKey
]);

$response = curl_exec($ch);
?>

Best Practices

1. Use Environment Variables

Never hardcode API keys in your application. Use environment variables instead:

# .env file
ZEUSXPAY_API_KEY=sk_live_your_secret_key_here

2. Rotate Keys Regularly

Rotate your API keys periodically for enhanced security:

  1. Create a new API key
  2. Update your application to use the new key
  3. Delete the old key after confirming the new one works

3. Use Different Keys for Different Environments

Create separate API keys for:

  • Development
  • Staging
  • Production

4. Limit Key Permissions

When creating API keys, only grant the minimum permissions needed:

  • Full Access: Complete control (use carefully)
  • Read Only: View data only
  • Write Only: Create/update but not delete

5. Monitor Key Usage

Check your Dashboard regularly to:

  • Review API key activity
  • Identify unusual patterns
  • Revoke compromised keys

Rate Limiting

API requests are rate-limited to prevent abuse:

  • Test mode: 100 requests per minute
  • Live mode: 1000 requests per minute

Rate limit headers are included in every response:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200

If you exceed the rate limit, you’ll receive a 429 Too Many Requests response.

Webhooks Authentication

Webhooks are authenticated differently using signatures. See our Webhooks Guide for details.

API Errors

401 Unauthorized

Your API key is missing or invalid:

{
	"error": {
		"type": "authentication_error",
		"message": "Invalid API key provided"
	}
}

Solution: Check that you’re using the correct API key and format.

403 Forbidden

Your API key doesn’t have permission for this operation:

{
	"error": {
		"type": "permission_error",
		"message": "This API key does not have permission to perform this action"
	}
}

Solution: Create a new API key with appropriate permissions.

Security Considerations

Keep Keys Secure

  • ✅ Store in environment variables
  • ✅ Use secret management services (AWS Secrets Manager, HashiCorp Vault)
  • ✅ Restrict access to production keys
  • ❌ Never commit to version control
  • ❌ Don’t expose in client-side code
  • ❌ Don’t share in public forums
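
A pre-commit style check built on the sk_test_ / sk_live_ prefixes from Key Types, as an added example (not ZEUSXPAY code): it flags key-like strings in files and refuses a live key outside production. The key-body pattern, the function names, the sample values and the rule that only an environment named production may hold a live key are assumptions, not taken from the ZEUSXPAY documentation.

```python
import re
import sys
from pathlib import Path

# Prefixes are from "Key Types"; the body pattern is an assumption (format undocumented).
KEY_RE = re.compile(r"\bsk_(live|test)_[A-Za-z0-9_]{8,}")
# Placeholder strings used in this page's own examples, not real secrets.
PLACEHOLDERS = {"sk_live_YOUR_API_KEY", "sk_live_your_secret_key_here"}
# Constructed sample input; the key values are made up.
SAMPLE = """ZEUSXPAY_API_KEY=sk_live_your_secret_key_here
api_key = "sk_live_9f8e7d6c5b4a3210"
TEST_KEY = "sk_test_0123456789abcdef"
"""


def redact(key):
    """Keep the prefix and last four characters so a finding can be logged."""
    return f"{key[:8]}...{key[-4:]}"


def find_keys(text, path="<input>"):
    """Return (path, line number, mode, redacted key) for each key-like string."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            if m.group(0) not in PLACEHOLDERS:
                findings.append((path, line_no, m.group(1), redact(m.group(0))))
    return findings


def check_key_for_env(key, app_env):
    """Raise if a live key is used outside production, or a test key inside it."""
    m = KEY_RE.fullmatch(key)
    if m is None:
        raise ValueError("expected a key starting with sk_test_ or sk_live_")
    # Assumption: only the environment named "production" may hold a live key.
    expected = "live" if app_env == "production" else "test"
    if m.group(1) != expected:
        raise ValueError(f"{m.group(1)} key {redact(key)} not allowed in {app_env}")
    return key


if __name__ == "__main__":
    # Pre-commit style use: pass file paths; with none, SAMPLE is scanned instead.
    texts = {p: Path(p).read_text(encoding="utf-8", errors="replace") for p in sys.argv[1:]}
    hits = [h for p, t in (texts or {"sample": SAMPLE}).items() for h in find_keys(t, p)]
    for path, line_no, mode, shown in hits:
        print(f"{path}:{line_no}: {mode} key {shown}")
    sys.exit(1 if hits and texts else 0)
```

Findings are reported in redacted form only, so the scanner's own output can go to CI logs without repeating the secret.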

Use HTTPS Only

All API requests must use HTTPS. Requests made over HTTP will be rejected.

IP Whitelisting (Enterprise)

Enterprise customers can whitelist IP addresses for additional security. Contact sales@zeusxpay.io to enable this feature.

Testing Authentication

Use our API playground to test your authentication:

Try the API Playground →

Need Help?

If you’re having authentication issues: