API Keys and Authentication
This gives details on how Authentication is to be handled when connecting to the Merpi API.
Every request you make to the MERPI API must include your API key and a transaction medium header. This page shows you where to find your keys and how to attach them correctly to your requests.
Finding Your API Keys
In your Dashboard, go to Settings > API Keys. You will see two keys listed: one for the Staging environment and one for the Live environment.
Never share your API keys or expose them in client-side code, public repositories, or anywhere visible to end users. If you suspect a key has been compromised, contact us at hello@syticks.com immediately.
Required Headers
Every API request must include the following headers:
X-API-KEY
Yes
Your MERPI API key (Staging or Live depending on your environment)
TransactionMedium
Yes
The channel your request is coming from: Web, Mobile, or POS
Content-Type
Yes
Always application/json
Accept
Yes
Always application/json
Attaching Your Key to a Request
Here is an example of a correctly authenticated request using cURL:
Use this when making requests from a website or web application.
Use this when making requests from a mobile application (iOS or Android).
Use this when making requests from a point-of-sale terminal.
Staging vs Live Keys
Your Staging and Live keys are completely separate. Using the wrong key in the wrong environment will either cause requests to fail or result in unintended real transactions.
Staging Key
Use during development and testing. Requests made with this key hit the Staging environment and use test wallet funds. No real money moves.
Live Key
Use in production only. Requests made with this key are real transactions that charge your Live wallet and issue actual tickets.
What's Next
With authentication set up, you have everything you need to start calling the API. Head to the Dashboard overview to understand what you can monitor and manage, or jump straight into the API reference.
Last updated