API Keys

Prahsys authenticates your API requests using your account’s API keys. If a request doesn’t include a valid key, Prahsys returns an invalid request error.

Sandbox Environment

The Sandbox environment is a separate, isolated instance of the Prahsys platform dedicated exclusively to testing and development. Key features of the Sandbox include:

Using the Sandbox Environment

When integrating with the Sandbox:

• Use the same API endpoints as production, but with your test API keys
• All operations are simulated (no real money movement occurs)
• Test all error cases and edge scenarios
• Verify webhooks and notifications
• Test your integration thoroughly before moving to production

Sandbox vs Live Mode

All Prahsys API requests occur in either sandbox or live mode. Each mode has its own set of API keys, and objects in one mode aren’t accessible to the other.

All API Keys are formatted: sk_[ENVIRONMENT]_[RANDOM_HASH]

Important: You can only reveal a live mode secret key once. If you lose it, you’ll need to create a new one.

Moving from Sandbox to Live (Production)

1. Complete all testing in the Sandbox environment
2. Swap out your key sk_test_... for your live key sk_live_...

Important Note: Test API keys (sk_test_...) can be used with both Sandbox merchant accounts and live merchant accounts. When test keys are used with live merchant accounts, transactions are still simulated and no real money is moved, but the test data will appear alongside your live data.

Using API Keys

Authentication Headers

Include your API key in the Authorization header of all API requests:

Authorization: Bearer sk_[ENVIRONMENT]_JA*@#jJXXXXXXX

Important Note: Sandbox API keys (sk_test_XXX) can be used with both Sandbox accounts and live accounts. When test keys are used with live accounts, operations are still simulated, but the test data will appear alongside your live data.

API Key Management

Manage your API keys through the Prahsys Dashboard:

1. Navigate to Dashboard > Developers > API Keys
2. View existing keys
3. Generate new keys
4. Delete existing keys

Security Best Practices

• Never share your secret keys or include them in client-side code
• Store keys in environment variables or secure key management systems
• Use separate keys for different applications to limit breach impact
• Implement key rotation as part of your security procedures
• Use sandbox keys exclusively for testing to avoid accidental live transactions

Implementation Examples

curl -X GET https://api.prahsys.com/status \
  -H "Authorization: Bearer $PRAHSYS_SECRET_KEY" \
  -H "Content-Type: application/json"

const headers = {
  Authorization: `Bearer ${process.env.PRAHSYS_SECRET_KEY}`,
  "Content-Type": "application/json",
};
 
fetch("https://api.prahsys.com/status", {
  method: "GET",
  headers: headers,
}).then((response) => response.json())
  .then((data) => console.log(data))
  .catch((error) => console.error("Error:", error));

import requests
import os
 
api_key = os.environ.get('PRAHSYS_SECRET_KEY')
headers = {
    'Authorization': f'Bearer {api_key}',
    'Content-Type': 'application/json'
}
 
response = requests.get('https://api.prahsys.com/status', headers=headers)
data = response.json()
print(data)

<?php
$api_key = getenv('PRAHSYS_SECRET_KEY');
 
$curl = curl_init();
 
curl_setopt_array($curl, [
  CURLOPT_URL => "https://api.prahsys.com/status",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER => [
    "Authorization: Bearer " . $api_key,
    "Content-Type: application/json"
  ]
]);
 
$response = curl_exec($curl);
$err = curl_error($curl);
 
curl_close($curl);
 
if ($err) {
  echo "Error: " . $err;
} else {
  $data = json_decode($response, true);
  print_r($data);
}
?>

using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json;
 
class Program
{
    static async Task Main(string[] args)
    {
        string apiKey = Environment.GetEnvironmentVariable("PRAHSYS_SECRET_KEY");
 
        using (HttpClient client = new HttpClient())
        {
            client.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", apiKey);
            client.DefaultRequestHeaders.Accept.Add(
                new MediaTypeWithQualityHeaderValue("application/json"));
 
            try
            {
                HttpResponseMessage response = await client.GetAsync("https://api.prahsys.com/status");
                response.EnsureSuccessStatusCode();
 
                string responseBody = await response.Content.ReadAsStringAsync();
                var data = JsonConvert.DeserializeObject(responseBody);
                Console.WriteLine(data);
            }
            catch (HttpRequestException e)
            {
                Console.WriteLine($"Error: {e.Message}");
            }
        }
    }
}

Key Rotation

If you suspect a key has been compromised, or as part of regular security maintenance:

1. Generate a new API key in the Prahsys Merchant Dashboard
2. Update your applications to use the new key
3. Verify functionality with the new key
4. Delete the old key

Troubleshooting

For additional assistance, contact Prahsys Support .