Skip to main content
Every request you make to https://api.kya.dev/v1 must include an Authorization header with a valid API key. Mandate uses two key types — sandbox keys for development and testing, and production keys for live workloads — and enforces them strictly so that sandbox operations can never accidentally affect real funds.

API key types

Sandbox keys allow all API operations but refuse to process real payment settlement. Certain endpoints — such as POST /v1/payments/proof — are only available to sandbox keys and return 400 production_payments_not_supported if you call them with a production key.

Sending the authorization header

Include your API key as a Bearer token on every request:

Creating an API key

You can create additional API keys from the dashboard Settings page, or programmatically via the API. If you already have a valid key, authenticate your request and POST /v1/accounts/api-keys:
cURL
Request body
label
string
A human-readable label to identify this key in the dashboard. Optional but recommended.
key_type
string
default:"sandbox"
The key type to create. Must be "sandbox" or "production".
Response 201
The raw key value is returned only once, at creation time. Copy it immediately and store it in a secrets manager. If you lose it, you must create a new key — there is no way to retrieve the original.

Listing and revoking API keys

Retrieve metadata for all keys on your account (key values are never returned after creation):
Revoke a key immediately — all requests using that key will be rejected:

Authentication errors