Skip to main content
The Credibill API uses API keys to authenticate requests. You can view and manage your API keys in the Developer Dashboard.

API Keys

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code.
Key TypePrefixDescription
Secret Keysk_Used for server-side requests. Has full access to your account. Keep secret.
Publishable Keypk_Used in client-side code (e.g., React, iOS) to tokenize payment details. Safe to expose.

Authenticating Requests

Authentication to the API is performed via the Authorization header using the Bearer scheme. 
Authorization: Bearer sk_live_51...

Example Request

// components/CustomersList.tsx
import { useQuery } from "@tanstack/react-query";

async function fetchCustomers() {
  const res = await fetch("/api/customers"); // calls server-side route
  if (!res.ok) throw new Error("Failed to fetch customers");
  return res.json();
}

export default function CustomersList() {
  const { data, isLoading, isError, error } = useQuery(
    ["customers"],
    fetchCustomers
  );

  if (isLoading) return <div>Loading...</div>;
  if (isError) return <div>Error: {error.message}</div>;

  return (
    <ul>
      {data.map((c) => (
        <li key={c.id}>
          {c.email}{c.name}
        </li>
      ))}
    </ul>
  );
}
Server-side route (App Router)
// app/api/customers/route.ts
import { NextResponse } from "next/server";

export async function GET() {
  const res = await fetch(
    "https://giant-goldfish-922.convex.site/api/customers",
    {
      headers: {
        Authorization: `Bearer ${process.env.CREDIBILL_SECRET_KEY}`,
        "Content-Type": "application/json",
      },
    }
  );

  const data = await res.json();
  return NextResponse.json(data);
}

Error Handling

If the API key is missing, malformed, or invalid, the API will return a 401 Unauthorized response. 
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API Key provided."
  }
}