Authentication

CyberPay uses API keys to authenticate requests. You'll need to include your API key in the Authorization header of every request.

Getting Your API Key

Sign up for a CyberPay account at cyberpay.org
Navigate to the Developer section in your dashboard
Generate a new API key for your project
Copy and securely store your API key

Authentication Methods

Bearer Token (Recommended)

Include your API key in the Authorization header:

curl -X POST https://api.cyberpay.org/v1/quote \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "inputToken": {...},
    "outputToken": {...},
    "inputAmount": "1000000"
  }'

API Key Header (Alternative)

You can also use the X-API-Key header:

curl -X POST https://api.cyberpay.org/v1/quote \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{...}'

Environment Setup

Production Environment

Base URL: https://api.cyberpay.org
Rate Limits: 1000 requests/minute
Real transactions: Uses mainnet tokens

Testnet Environment

Base URL: https://testnet-api.cyberpay.org
Rate Limits: 100 requests/minute
Test transactions: Uses testnet tokens

Rate Limiting

API requests are rate-limited based on your plan:

Plan	Rate Limit	Burst Limit
Free	100/min	200/min
Pro	1000/min	2000/min
Enterprise	Custom	Custom

When you exceed the rate limit, you'll receive a 429 Too Many Requests response:

{
  "success": false,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Rate limit exceeded. Try again in 60 seconds.",
    "retryAfter": 60
  }
}

Error Responses

Authentication errors return a 401 Unauthorized status:

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key",
    "details": "The provided API key is invalid or has been revoked"
  }
}

Best Practices

Security

Store API keys in environment variables
Use different keys for different environments
Rotate keys regularly
Monitor API key usage

Implementation

Implement proper error handling for auth failures
Cache authentication tokens when possible
Use exponential backoff for rate limit errors
Log authentication events for security monitoring

Next Steps

Now that you have authentication set up, you're ready to make your first API call:

First API Call - Execute your first request
Integration Guide - Understand the core concepts