API Keys

Prahsys authenticates your API requests using your account’s API keys. If a request doesn’t include a valid key, Prahsys returns a 401 invalid request error.

Sandbox Environment

The Sandbox environment is a separate, isolated instance of the Prahsys platform dedicated exclusively to testing and development. Key features of the Sandbox include:

| Feature | Description |
| --- | --- |
| Isolated Data | Organizations/Merchants/Users created in Sandbox mode exist only in the testing environment and are completely separate from the production database |
| Test-Only Keys | Only test API keys (beginning with sk_test_) can be used with Sandbox merchants |
| Full API Access | All API endpoints and features available in production are also available in the Sandbox |
| Simulated Responses | Our API will simulate as much as possible for your testing. All data is isolated from your production data, and no real-world operations will be performed where applicable (such as payment processing) |

Using the Sandbox Environment

When integrating with the Sandbox:

  • Use the same API endpoints as production, but with your test API keys
  • All operations are simulated (no real money movement occurs)
  • Test all error cases and edge scenarios
  • Verify webhooks and notifications
  • Test your integration thoroughly before moving to production

Sandbox vs Live Mode

All Prahsys API requests occur in either sandbox or live mode. Each mode has its own set of API keys, and objects in one mode aren’t accessible to the other.

All API Keys are formatted: sk_[ENVIRONMENT]_[RANDOM_HASH]

| Mode | When to Use | What Happens | Key Prefix |
| --- | --- | --- | --- |
| Sandbox | During development and staging | Simulated transactions and responses. Everything will work as closely to production as possible. All response objects will be identical to what you will receive in production. | sk_test_ |
| Live | With your production environment | Product-related activities will occur. You will be charged for API interactions where applicable. | sk_live_ |

Moving from Sandbox to Live (Production)

  1. Complete all testing in the Sandbox environment
  2. Swap out your key sk_test_... for your live key sk_live_...

Using API Keys

Authentication Headers

Include your API key in the Authorization header of all API requests:

Authorization: Bearer sk_[ENVIRONMENT]_[SECRET_SAUCE]

API Key Management

Manage your API keys through the Prahsys Dashboard:

  1. Navigate to Dashboard > Developers > API Keys
  2. View existing keys
  3. Generate new keys
  4. Delete existing keys

Security Best Practices

  • Never share your secret keys or include them in client-side code
  • Store keys in environment variables or secure key management systems
  • Use separate keys for different applications to limit breach impact
  • Implement key rotation as part of your security procedures
  • Use sandbox keys exclusively for testing to avoid accidental live transactions
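
One way to enforce the environment-variable and sandbox-only practices above before any request is sent. This is an added example, not Prahsys code: the `APP_ENV` variable, the function names, and the rule that only `production` may use a live key are assumptions.

```bash
# Added example, not Prahsys code. Assumptions: the APP_ENV variable, the
# function names, and the rule "production expects live, anything else sandbox".

# Classify a key by the documented prefixes: prints sandbox, live, or invalid.
prahsys_key_mode() {
  case "$1" in
    sk_test_?*) echo sandbox ;;
    sk_live_?*) echo live ;;
    *)          echo invalid ;;
  esac
}

# Mask a key for log output, keeping only the prefix that identifies the mode.
prahsys_redact() {
  case "$1" in
    sk_test_*) echo 'sk_test_****' ;;
    sk_live_*) echo 'sk_live_****' ;;
    *)         echo '****' ;;
  esac
}

# Return 0 only when the key's mode matches the environment.
# $1 = environment name, $2 = API key
prahsys_check_key() {
  local env="$1" key="$2" mode expected
  mode=$(prahsys_key_mode "$key")
  if [ "$env" = production ]; then expected=live; else expected=sandbox; fi
  if [ "$mode" != "$expected" ]; then
    echo "refusing to call API: $env expects a $expected key," \
         "got $mode ($(prahsys_redact "$key"))" >&2
    return 1
  fi
}

# Status call from the page, with the key read from the environment and
# checked before any request is sent. Usage: APP_ENV=production prahsys_status
prahsys_status() {
  if [ -z "${PRAHSYS_API_KEY:-}" ]; then
    echo "PRAHSYS_API_KEY is not set" >&2
    return 1
  fi
  prahsys_check_key "${APP_ENV:-development}" "$PRAHSYS_API_KEY" || return 1
  curl -sS -X GET https://api.prahsys.com/merchant/status \
    -H "Authorization: Bearer $PRAHSYS_API_KEY" \
    -H "Content-Type: application/json"
}
```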

Implementation Examples

Get API status

```bash
curl -X GET https://api.prahsys.com/merchant/status \
  -H "Authorization: Bearer $PRAHSYS_API_KEY" \
  -H "Content-Type: application/json"
```

Key Rotation

If you suspect a key has been compromised, or as part of regular security maintenance:

  1. Generate a new API key in the Prahsys Merchant Dashboard
  2. Update your applications to use the new key
  3. Verify functionality with the new key
  4. Delete the old key

Troubleshooting

| Error | Possible Cause | Solution |
| --- | --- | --- |
| 401 Unauthorized | Invalid or expired API key | Verify you’re using the correct API key |
| 403 Forbidden | Insufficient permissions | Contact your account manager to adjust permissions |
| 404 Not Found | Attempting to access object from different mode | Ensure you’re using matching sandbox or live keys for all operations |

For additional assistance, contact Prahsys Support.