Authentication

Authentication in the API uses HTTP Bearer auth. You must include an Authorization header with type Bearer and your API key as value. For example:

Authentication Example

curl https://api.kernelpay.com/v1/customers \
  -H "Authorization: Bearer live_secretkey_..."

Always keep your token safe and reset it if you suspect it has been compromised.

Understanding API keys

API keys are used to authenticate requests to the Kernel API. They are long-lived and should be kept secret. You can create and manage your API Keys in the Kernel Dashboard. Keys are composed by a prefix: the environment, and the key type.

There are two types of API keys:

  • Secret keys: are used to make requests to the Kernel API. They are prefixed with {env}_secretkey_. Secret keys should be kept confidential and only stored securelly on your servers.
  • Public keys: are used to make public requests to the Kernel API. They are prefixed with {env}_publickey_.

Using an SDK

If you use one of our official SDKs, you won't have to worry about any of the above — fetch your access token from the Kernel dashboard under Settings » API Keys, and the client library will take care of the rest.

Check out our list of first-party SDKs

Was this page helpful?