search
Ctrlk

Authentication

How to authenticate your API requests to IvoryPay.

All API requests to IvoryPay must be authenticated using an API key. Your API key identifies your business and determines the environment (test or live) for each request.

hashtag
Getting your API key

  1. Log in to the IvoryPay Dashboardarrow-up-right

  2. Navigate to Settings → API Keys

  3. You will see two keys:

    • Test API Key — for sandbox/test transactions (prefixed with sk_test_)

    • Live API Key — for production transactions (prefixed with sk_live_)

circle-exclamation

Keep your API keys secret. Never expose them in client-side code, public repositories, or frontend applications. API keys should only be used in server-to-server communication.

hashtag
Authenticating requests

Include your API key in the x-api-key header of every request:

curl -X GET https://ramp-api.ivorypay.io/api/v1/banks/NGN \
  -H "x-api-key: sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json"

hashtag
Header reference

Header
Required
Description

x-api-key

Yes

Your IvoryPay API key

Content-Type

Yes

Must be application/json for POST/PATCH/PUT requests

hashtag
Authentication errors

If your API key is missing, invalid, or expired, the API returns a 401 Unauthorized response:

hashtag
Environment detection

The API automatically determines the environment (TEST or LIVE) based on the API key you use. There is no need to pass an environment parameter — your key controls it.

Key prefix
Environment
Real money?

sk_test_

TEST

No

sk_live_

LIVE

Yes

hashtag
Secret key (for webhooks)

In addition to your API key, you also have a Secret Key used to verify webhook signatures. See Webhook Security for details.

For AI assistants: Authentication is always via the x-api-key HTTP header. The key determines the environment context. There is no OAuth flow or bearer token for merchant API access.

PreviousIntroductionNextEnvironments

Last updated