https://api.kya.dev/v1 must include an Authorization header with a valid API key. Mandate uses two key types — sandbox keys for development and testing, and production keys for live workloads — and enforces them strictly so that sandbox operations can never accidentally affect real funds.
API key types
Sandbox keys allow all API operations but refuse to process real payment settlement. Certain endpoints — such as
POST /v1/payments/proof — are only available to sandbox keys and return 400 production_payments_not_supported if you call them with a production key.
Sending the authorization header
Include your API key as a Bearer token on every request:Creating an API key
You can create additional API keys from the dashboard Settings page, or programmatically via the API. If you already have a valid key, authenticate your request andPOST /v1/accounts/api-keys:
cURL
A human-readable label to identify this key in the dashboard. Optional but recommended.
The key type to create. Must be
"sandbox" or "production".201

