Skip to main content

API Authentication

All API requests require authentication using your API key in the Authorization header.

Using Your API Key

Include your API key in the Authorization header with the Bearer prefix: 
x-api-key: YOUR_API_KEY

Example Request

curl -X POST https://prod.cheqpay.mx/payment-orders \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "externalId": "order-123",
    "amount": 10000,
    "currency": "MXN"
  }'
Keep your API keys secure. Never share them publicly or commit them to version control.

Best Practices

Store Keys Securely

Always use environment variables to store your API credentials: 
// ✅ Good - Use environment variables
const apiKey = process.env.CHEQPAY_API_KEY;

// ❌ Bad - Never hardcode
const apiKey = 'sk_live_abc123...';

Use Different Keys for Each Environment

You’ll receive separate API keys for:
  • Sandbox - For testing and development
  • Production - For live payments
Never use production keys in your development environment.

Rotate Keys Regularly

For security, periodically rotate your API keys:
  1. Generate a new key in your dashboard
  2. Update your application with the new key
  3. Test thoroughly
  4. Deactivate the old key

Getting Your API Keys

  1. Sign up for a Cheqpay account
  2. Navigate to your dashboard
  3. Go to Settings → API Keys
  4. Copy your keys for sandbox and production
Contact our support team at [email protected] if you need help setting up your API keys.