Authentication is done by providing your API Key. It must be transmitted in all requests in the access_token header. If the API Key is invalid, not informed, or the header is incorrect, our API will return HTTP 401.


"Content-Type": "application/json",
"access_token": "your_api_key"


API Keys are distinct between Sandbox and Production environments, so remember to change it when switching the URL.

To obtain your API Key access the integrations area on our web interface.



  • Your API Key should be encrypted and stored in your database, and can only be decrypted by your server, in order to prevent it from being used in case of external breaches.
  • Your API Key carries many privileges, so make sure to keep it protected. Do not provide it in customer service and do not expose it on the front-end of your application.
  • Moreover, it cannot be recovered if lost, it is necessary to generate a new one.

URL for endpoint calls

After creating the account and generating the API key, use the specific URL for each environment in your calls, as listed below:

TLS (Transport Layer Security) protocol

Currently, our production systems accept TLS 1.2 and 1.3 for communication. However, we recommend using TLS 1.3.