This page explains how to authenticate with the Ravelin API.

On this page:

Ravelin uses API keys and token authentication to allow access to our API.

Your API keys can be found under the API Keys tab in the Developer section of the dashboard.

All API requests should also be made using HTTPS.

Secret API Keys

Your Secret API Keys should be used when sending requests to and will either have the prefix sk_ or secret_key_.

You should include your Secret API Key in the Authorization header of all requests to in the format: Authorization: token sk_live_your_secret_key.

For example:

$ curl "" \
    -H "Authorization: token sk_live_your_secret_key" \
    -X POST

Publishable API Keys

Your Publishable API Keys (and, if provided, your Public RSA Keys) should be used by ravelinjs and the Mobile SDKs (see docs: iOS, Android).

Your Publishable API Keys will either have the prefix pk_ or publishable_key_.

Sandbox API Keys

You have both live and sandbox API keys.

Keys for use with your sandbox account include the term _test_, while keys for use with your live account include the term _live_.

Your sandbox keys can be accessed in the same API Keys tab in the Developer section of the dashboard, when you’ve switched to your sandbox account from the account menu.

Requesting new API keys

You can request new API keys by contacting your account manager.


© Ravelin Technology Ltd. All rights reserved