🔐Authentication

Moneroo API endpoints are secured with API keys, which you can create from the dashboard. You must include your API key in all API requests to the server as a header field.

To interact with the Moneroo API, you must follow each of your requests with an Authorization header including your secret key in the Authorization header. You can manage your API keys from the dashboard.

Generally, we provide both public and secret keys. Public keys are intended to be used from your interface when integrating using JavaScript SDKs and in our mobile SDKs only. By design, public keys cannot modify any part of your account except to initiate transactions to you. Secret keys, on the other hand, must remain secret. If for some reason you think your secret key has been compromised or you want to reset it, you can do so from the dashboard.

To create API keys, go to the developer section of your Moneroo apps.

Do not commit your secret keys to git, or use them in client-side code.

When building and testing your integration, you should use Sandbox API keys. To learn more about Sandbox mode, check out our guide to Moneroo API testing. Once you're ready to process real payments, replace your test key with Live API keys.

Of course, it's very important to secure all API keys. Never share them. However, if a key leaks, you can always delete it. Don't forget to apply the new keys to your code. Until you do, your integration will not work.

Authentication of an API call

The API key or token must be sent with each API request, by providing it in the Authorization header of the HTTP call using the Bearer method.

For example, a valid Authorization header is Bearer test_dHar4XY7LxsDOtmarVtjNVWXLSlXsM.

In general, our SDKs provide shortcuts to easily set the API key or access token.

In the example below, we use a test API key for the GET method of the payment resource. This method retrieves a payment, in this case, the payment with the payment ID test_yyfbwekjnsd.

curl https://api.moneroo.io/v1/payments/test_yyfbwekjnsd
-H "Authorization: Bearer YOUR_SECRET_KEY"
-X GET

Do not set VERIFY_PEER to FALSE. Ensure your server verifies the SSL connection to Moneroo.

Rate Limiting

Moneroo API has a rate limit of 120 requests per minute. If you exceed this limit, you'll get a 429 Too Many Requests response for subsequent requests. If you get this response, wait for a minute before retrying your request.

Last updated