Authentication
Authentication in the API uses HTTP Bearer auth. You must include an Authorization
header with type Bearer
and your API key as value. For example:
Authentication Example
curl https://api.kernelpay.com/v1/customers \
-H "Authorization: Bearer live_secretkey_..."
Always keep your token safe and reset it if you suspect it has been compromised.
Understanding API keys
API keys are used to authenticate requests to the Kernel API. They are long-lived and should be kept secret. You can create and manage your API Keys in the Kernel Dashboard. Keys are composed by a prefix: the environment, and the key type.
There are two types of API keys:
- Secret keys: are used to make requests to the Kernel API. They are prefixed with
{env}_secretkey_
. Secret keys should be kept confidential and only stored securelly on your servers. - Public keys: are used to make public requests to the Kernel API. They are prefixed with
{env}_publickey_
.
Using an SDK
If you use one of our official SDKs, you won't have to worry about any of the above — fetch your access token from the Kernel dashboard under Settings » API Keys, and the client library will take care of the rest.