Authorization

Nexpay authenticates your API requests using your account's API keys. If a request doesn't include a valid key, Nexpay returns an Unauthorized error.

Authenticating requests

Nexpay uses the Authorization header to authenticate your API call.

What you will need

A valid API key

To generate and retrieve the API keys for your account follow this guide.

Example of an authenticated request:

const makeRequest = async () => {
  const requestConfig = {
    method: 'GET',
    headers: {
      'Authorization': 'ApiKey pk_prod_your-api-key'
    },
  };

  try {
    const response = await fetch('https://api.nexpay.com/v2/users/me', requestConfig);

    if (response.ok) {
      const data = await response.json();

      console.log(data);
    } else {
      throw new Error(`Request failed with status: ${response.status}`);
    }
  } catch (error) {
    console.error(error);
  }
};

makeRequest();

Requests without API Key

Requests without a valid API key in the Authorization header will throw an error.

Types of users

When interacting with Nexpay's API, different user types have specific permissions and access levels.

User

As a standard user, you have access to all available API endpoints. This user type is bound by roles/permissions.

API Key

API Keys provide programmatic access to Nexpay's API. While most endpoints are accessible, some administrative actions may be restricted. This user type is suitable for automated processes and system-to-system integrations.

Roles

We use roles to control user permissions. Each role defines specific actions that users can perform. API keys have super admin access by default.